Technology
Persistent sandbox
Isolate execution environments while retaining state across reboots for multi-stage malware analysis and complex development testing.
The Persistent Sandbox is an isolated execution environment (VM, container, or specialized runtime) engineered to retain its state, including file system changes and registry modifications, across reboots or sessions. This persistence is critical for defeating evasive, multi-stage malware: a threat actor's payload (e.g., APT-41's multi-stage attack) often requires a system reboot or a specific time delay to fully detonate. The persistent state also allows security analysts to perform deep, multi-day threat hunting without losing forensic data. The approach moves beyond the disposable, single-session sandbox model to support rigorous, non-destructive analysis and complex software development workflows that require a consistent system state.