---

VolDiff: Automated Malware Memory Footprint Analysis based on Volatility

VolDiff is a bash script that runs Volatility plugins against memory images captured before and after malware execution. It creates a report that highlights system changes based on memory (RAM) analysis.

VolDiff can also be run against a single memory image to automate Volatility plugin execution and hunt for malicious patterns.
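
The before/after comparison described above, reduced to one plugin, as an added example that is not VolDiff's own code. It assumes the column order of Volatility 2 `pslist` text output (Offset, Name, PID, PPID, ...); the function names and the sample process listings are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not VolDiff's code: compare saved pslist output from two captures.
# Assumes Volatility 2 pslist text layout: Offset Name PID PPID Thds Hnds ...
# Assumes process names contain no spaces (awk splits fields on whitespace).

# new_processes BASELINE INFECTED
# Print "Name PID PPID" for processes listed only in INFECTED.
# Offsets and thread/handle counts are ignored because they drift between captures.
new_processes() {
    awk 'FNR <= 2 || NF < 4 { next }   # skip header, dashes and short lines
         { key = $2 " " $3 " " $4 }
         FILENAME == ARGV[1] { seen[key] = 1; next }
         !(key in seen) { print key }' "$1" "$2" | LC_ALL=C sort
}

# make_samples DIR: write constructed (not real) plugin output for the demo.
make_samples() {
    cat > "$1/baseline.txt" <<'EOF'
Offset(V)  Name          PID   PPID   Thds   Hnds
---------- ------------ ----- ------ ------ ------
0x823c8830 System           4      0     58    261
0x81f04228 smss.exe       548      4      3     21
0x8205ada0 explorer.exe  1752   1696     17    502
EOF
    cat > "$1/infected.txt" <<'EOF'
Offset(V)  Name          PID   PPID   Thds   Hnds
---------- ------------ ----- ------ ------ ------
0x823c8830 System           4      0     59    270
0x81f04228 smss.exe       548      4      3     21
0x8205ada0 explorer.exe  1752   1696     19    540
0x81e7a3c0 svch0st.exe   2044   1752      2     47
EOF
}

# Demo: list processes that appear only in the post-execution capture.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
new_processes "$demo_dir/baseline.txt" "$demo_dir/infected.txt"
rm -rf "$demo_dir"
```

Swapping the two arguments lists processes that disappeared between the captures.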
