CHIRP is a Virtual Machine Introspection (VMI)-based cloud forensics platform that enables analysts and defenders to collect evidence and incident response materials in real time, without disturbing the user environment or alerting the intruder.

The shift to Infrastructure-as-a-Service (IaaS) has brought challenges to cyber Incident Response (IR) and forensics teams investigating not only breaches and leaks, but also cyber-crime. Due to the ephemerality, location, and ownership of the data, disks, and technology provided by Cloud Service Providers (CSPs), cloud-based entities and cloud customers have yet to establish foundational forensic capabilities that can help reduce security risks. Furthermore, IaaS platforms rely on hypervisors to virtualize computer systems, but most do not offer a useful Application Programming Interface (API) to support customizable, contextual introspection, which is what an analyst needs to conduct investigations.