Differential Analysis of Malware in Memory (DAMM)

Differential Analysis of Malware in Memory (DAMM) is a tool built on top of Volatility. Its main objective is as a test bed for some newer techniques in memory analysis, including performance enhancements via persistent SQLite storage of plugin results (optional); comparing in-memory objects across multiple memory samples, for example processes running in an uninfected samples versus those in an infected sample; data reduction via smart filtering (e.g., on a pid across several plugins); and encoding a set of expert domain knowledge to sniff out indicators of malicious activity, like hidden processes and DLLs, or windows built-in processes running form the wrong directory.

DAMM is free and open source. The link for the download as well as the walk through is located here. Please email damm@504ensics.com if you have more questions, bugs, or any trouble with the download.