rVMI - A New Paradigm for Full System Analysis
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a groundbreaking approach to full system analysis in this 41-minute Black Hat conference talk. Delve into rVMI, an innovative system that merges Virtual Machine Introspection (VMI) with Rekall, a powerful memory forensics framework, to create a robust platform for scriptable and interactive malware analysis. Learn how rVMI operates from the hypervisor on a live system, offering the ability to start, resume, and trap events at will. Presented by Jonas Pfoh and Sebastian Vogl, this talk introduces a new paradigm that enhances the capabilities of malware analysts and security researchers in understanding and combating sophisticated threats.
Syllabus
rVMI: A New Paradigm for Full System Analysis
Taught by
Black Hat
Related Courses
OS Analysis with Volatility - Pluralsight
Getting Started with Memory Forensics Using Volatility - Pluralsight
Advanced Malware Analysis: Redux - Cybrary
Introduction to Memory Forensics with Volatility 3 - DFIRScience via YouTube
Taking Memory Forensics to the Next Level - New York University (NYU) via YouTube