Incident Response Forensics
This tool was written by Christian Wojner for finding malware on an infected system. It measures the density of each file's content and presents the results in descending order, which makes it a handy way to surface candidate malicious files.

The score is only an indicator; don't rely on the DensityScout results alone. Cross-check its output with a couple of other tools such as PEscan and Sigcheck.

When the traditional forensics/IR tools fail to identify a piece of malware, a good approach is to run the image or mounted volume through DensityScout, take the list of suspicious binaries with the lowest scores, compute their MD5 hashes and check them on VirusTotal.

If you don't have forensic tools on your machine, or you are using a Mac, you can use a SIFT Docker container to do this. Docker SIFT image: https://hub.docker.com/r/gourav5660/sans_sift_forensics

Once you have the Docker image pulled, run the following command:
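As an added example (my own code, not DensityScout and not from the original post), the script below implements the triage workflow described above on a constructed test set: walk a mounted path, score every PE file, sort descending so the lowest-scoring binaries land at the bottom, flag those under a threshold and record their MD5 hashes for a VirusTotal lookup. DensityScout's exact density formula is not given on the page, so the score here is an assumption: 8 minus Shannon entropy in bits per byte, which, like DensityScout, makes packed or encrypted content score low. The `densityscout-demo` seed, the file names and the 1.0 threshold are all constructed values.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def density(data: bytes) -> float:
    """Stand-in density score (assumption, not DensityScout's formula):
    8 minus entropy, so lower values mean more compressed/encrypted content."""
    return 8.0 - shannon_entropy(data)


def is_pe(data: bytes) -> bool:
    """Cheap PE check: the DOS 'MZ' signature at offset 0."""
    return data[:2] == b"MZ"


def scan_directory(root: str, pe_only: bool = True):
    """Walk root recursively and return [(path, density, md5)] in descending density order,
    so the most suspicious (lowest-scoring) binaries are at the end of the list."""
    results = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable entries are skipped rather than aborting the scan
            if pe_only and not is_pe(data):
                continue
            results.append((path, density(data), hashlib.md5(data).hexdigest()))
    results.sort(key=lambda r: r[1], reverse=True)
    return results


def suspicious(results, threshold: float = 1.0):
    """Entries whose density is below the threshold: candidates for a VirusTotal hash lookup."""
    return [r for r in results if r[1] < threshold]


def _pseudo_random(n: int, seed: bytes = b"densityscout-demo") -> bytes:
    """Deterministic high-entropy bytes (a SHA-256 chain) standing in for a packed payload."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


def build_sample_tree(root: str) -> dict:
    """Write a constructed test set: a text-heavy 'normal' PE, a high-entropy 'packed' PE in a
    subdirectory (exercises recursion), and a non-PE file a PE-only scan must ignore."""
    files = {
        "normal.exe": b"MZ" + b"This program cannot be run in DOS mode.\r\n" * 200,
        "packed.exe": b"MZ" + _pseudo_random(8192),
        "notes.txt": b"plain text, not a PE\n" * 50,
    }
    os.makedirs(os.path.join(root, "sub"), exist_ok=True)
    paths = {}
    for name, data in files.items():
        path = os.path.join(root, "sub" if name == "packed.exe" else "", name)
        with open(path, "wb") as fh:
            fh.write(data)
        paths[name] = path
    return paths


def demo():
    """Run the whole workflow on the constructed tree; returns (ordered names, flagged names)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        results = scan_directory(root)
        flagged = suspicious(results, threshold=1.0)
        ordered = [(os.path.basename(p), round(d, 2), h) for p, d, h in results]
        return ordered, [os.path.basename(p) for p, _, _ in flagged]


if __name__ == "__main__":
    ordered, flagged = demo()
    for name, score, digest in ordered:
        print(f"{score:5.2f}  {digest}  {name}")
    print("flagged for hash lookup:", flagged)
```

On a real case, point `scan_directory` at the mounted volume instead of the temporary tree and treat the flagged list exactly as the post says: as an indicator to feed into PEscan, Sigcheck and a VirusTotal hash check, not as a verdict.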
Archives
April 2020