The introspection of virtual machines is an important aspect of protecting against the threat of malware that can hide from traditional automated malware-detection systems. A distributed system for live virtual machine introspection is presented utilizing the Xen Project hypervisor and LibVMI for introspection. The system incorporates the importing of VMs through the OVF specification, VM management through libvirt, and the streaming of various kernel data structures and system calls into data stores with no delay between introspection and storage.
