Endpoint Analysis using KDiff3
KDiff3 is a cross-platform tool for comparing text and merging files or directories. It supports Unicode and UTF-8, shows differences per character as well as per line, integrates into Windows Explorer, can print the differences, and more.
Why baseline? It answers the question, "How can I detect abnormal behavior when I don't know what is normal?" A baseline is one of the best ways to know what is normal and what is abnormal inside the organization, especially on endpoints and critical systems: it gives a clear picture of what normal looks like. Capturing a baseline from time to time lets the organization detect abnormal behavior by comparing baselines gathered at different points in time.
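The comparison the paragraph describes, as an added example that is not part of the original article or of the KDiff3 project: two baseline snapshots of the same endpoint captured at different times are parsed and diffed, and the entries that were added, removed or changed are reported, alongside a unified text diff of the kind KDiff3 would display. The snapshot format (one `<item>\t<value>` line per entry, such as a file path and its hash, an autorun key and its command, or a service and its state) and both sample snapshots are constructed assumptions.

```python
"""Compare two endpoint baseline snapshots and report what changed.

Added example, not code from the original article or from KDiff3.
Assumed snapshot format: one entry per line, "<item>\t<value>".
Both snapshots below are constructed sample data.
"""
import difflib

# Constructed sample: baseline captured on day 1 (hash values are made up).
BASELINE_DAY1 = """\
C:\\Windows\\System32\\svchost.exe\tsha256:aaaa1111
C:\\Windows\\System32\\lsass.exe\tsha256:bbbb2222
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive\tC:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe
service:Spooler\trunning
"""

# Constructed sample: the same host captured on day 30.
BASELINE_DAY30 = """\
C:\\Windows\\System32\\svchost.exe\tsha256:aaaa1111
C:\\Windows\\System32\\lsass.exe\tsha256:cccc3333
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive\tC:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater\tC:\\Users\\u\\AppData\\Roaming\\updater.exe
service:Spooler\tstopped
"""


def parse_snapshot(text):
    """Parse snapshot text into {item: value}; blank and '#' lines are skipped."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        if "\t" not in line:
            raise ValueError(f"line {lineno}: expected '<item>\\t<value>'")
        item, value = line.split("\t", 1)
        entries[item] = value
    return entries


def compare_snapshots(old_text, new_text):
    """Return the items that were added, removed or changed between snapshots."""
    old, new = parse_snapshot(old_text), parse_snapshot(new_text)
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted(k for k in old if k in new and old[k] != new[k]),
    }


def unified_diff(old_text, new_text, old_name="day1", new_name="day30"):
    """Line-oriented unified diff, the same view a text diff tool presents."""
    return "".join(difflib.unified_diff(
        old_text.splitlines(keepends=True),
        new_text.splitlines(keepends=True),
        fromfile=old_name, tofile=new_name))


if __name__ == "__main__":
    result = compare_snapshots(BASELINE_DAY1, BASELINE_DAY30)
    for kind in ("added", "removed", "changed"):
        for item in result[kind]:
            print(f"{kind:8} {item}")
    print(unified_diff(BASELINE_DAY1, BASELINE_DAY30))
```

Each entry that lands in `added` or `changed` is a candidate for review: a new autorun entry, a system binary whose hash no longer matches the earlier capture, or a service whose state changed between snapshots. The script only surfaces the difference; deciding whether a change is an expected update or something to investigate remains the analyst's call.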
From an incident response perspective, identifying patient zero during an incident or infection is just the tip of the iceberg. A responder must gather evidence, artifacts, and data about the compromised systems, and having the right tool to carry out these actions is a must. Not only does it automate the work, it also helps the responder reduce the time needed to resolve the issue.