More Information
ReVirt

ReVirt is part of the CoVirt project, which investigated on the use of virtual machines to provide security in an operating-system-independent manner to enable the security system to function independently from the guest operating system. ReVirt logs enough information to replay the entire intrusive sequence instruction-by-instruction so that a detailed observation on the attack can be documented. It includes a system called BackTracker that helps system administrators understand (and thereby recover from) an intrusion, by automatically identifying potential sequences of steps that occurred in an intrusion. Starting with a single detection point (e.g., a suspicious file), BackTracker identifies files and processes that could have affected that detection point and displays chains of events in a dependency graph.