VolDiff is a bash script that runs Volatility plugins against memory images captured before and after malware execution. It creates a report that highlights system changes based on memory (RAM) analysis.
VolDiff can additionally be used on a single memory image to automate Volatility plugin execution, and hunt for malicious patterns.