On the general tab, DiffView calculates and displays a score based on a list of indicators. Indicators are heuristic rules inside the engine that are triggered when malicious or suspicious actions occur. Each indicator is materialized by a score (0-100%) and a weight; together, the triggered indicators produce an overall malicious score between 0 and 100%.
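To make the indicator/weight scheme concrete, here is an added worked example (not DiffView's own code or formula). It assumes a hypothetical event format, three constructed heuristic rules, and a weighted-average aggregation over the triggered indicators; the page states only that indicators carry a score and a weight, so the exact aggregation is an assumption.

```python
"""Weighted indicator scoring over captured sandbox events.

Added illustration of the scheme described above. Assumptions (not taken
from DiffView): the event dictionaries, the three heuristic rules, and the
aggregation (weighted average of the scores of triggered indicators,
clamped to 0-100). Sample events below are constructed for this example.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Indicator:
    name: str
    score: int                      # severity when triggered, 0-100 %
    weight: float                   # relative importance in the total
    match: Callable[[dict], bool]   # heuristic rule applied to each event


# Hypothetical heuristic rules (constructed for this example).
INDICATORS: List[Indicator] = [
    Indicator("process_from_temp", 40, 1.0,
              lambda e: e.get("type") == "process"
              and "\\temp\\" in e.get("image", "").lower()),
    Indicator("executable_dropped", 60, 1.5,
              lambda e: e.get("type") == "filesystem"
              and e.get("op") == "write"
              and e.get("path", "").lower().endswith(".exe")),
    Indicator("run_key_written", 80, 2.0,
              lambda e: e.get("type") == "registry"
              and "\\currentversion\\run" in e.get("key", "").lower()),
]

# Constructed sample capture: one process tree, three categories of events.
SAMPLE_EVENTS: List[dict] = [
    {"type": "process", "pid": 1201, "ppid": 880,
     "image": r"C:\Users\alice\AppData\Local\Temp\setup.exe"},
    {"type": "filesystem", "pid": 1201, "op": "write",
     "path": r"C:\Users\alice\AppData\Roaming\svc.exe"},
    {"type": "registry", "pid": 1201, "op": "set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svc"},
    {"type": "filesystem", "pid": 1201, "op": "read",
     "path": r"C:\Windows\System32\kernel32.dll"},
]


def triggered_indicators(events: List[dict],
                         indicators: List[Indicator] = INDICATORS) -> Dict[str, int]:
    """Apply every rule to every event; return indicator name -> hit count."""
    hits: Dict[str, int] = {}
    for ind in indicators:
        n = sum(1 for e in events if ind.match(e))
        if n:
            hits[ind.name] = n
    return hits


def malicious_score(events: List[dict],
                    indicators: List[Indicator] = INDICATORS) -> float:
    """Weighted average of the scores of triggered indicators, 0-100.

    An indicator counts once regardless of how many events triggered it,
    so a noisy rule cannot dominate the total on hit count alone.
    """
    hits = triggered_indicators(events, indicators)
    fired = [i for i in indicators if i.name in hits]
    if not fired:
        return 0.0
    total_weight = sum(i.weight for i in fired)
    weighted = sum(i.score * i.weight for i in fired) / total_weight
    return max(0.0, min(100.0, weighted))


if __name__ == "__main__":
    print(triggered_indicators(SAMPLE_EVENTS))
    print(f"malicious score: {malicious_score(SAMPLE_EVENTS):.1f}%")
```

With the constructed capture, all three rules fire once each and the score is (40*1.0 + 60*1.5 + 80*2.0) / (1.0 + 1.5 + 2.0), about 64.4%; a capture containing only the benign DLL read scores 0%.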
During analysis, captured events are displayed in real time in the categorized tabs (processes, filesystem, registry). It is advisable, however, to wait until the analysis has completed before navigating into them, as browsing them during capture can slow the tool down considerably. Events are also summarized in the general tab.
All categorized views are displayed as a tree, to help visualize parent-child relationships. Each view also comes with a filter entry for quick searches.
After analysis, a report is created and is available via the “Report” button. All created reports are also listed in the “History” tab. The report summarizes what occurred during the capture, for easier sharing and archiving.