Diffy is a deprecated digital forensics and incident response (DFIR) tool that was developed by Netflix's Security Intelligence and Response Team (SIRT). The tool was designed to help forensic investigators quickly scope compromises across cloud instances during security incidents and triage those instances for follow-up actions. The tool focuses primarily on Linux instances running within Amazon Web Services (AWS) and utilizes a plugin structure that could potentially support multiple platforms and cloud providers. Diffy operates by identifying differences between instances to help investigators spot anomalies and outliers in security-relevant instance behavior. Key capabilities include efficiently highlighting outliers in instance behavior, such as identifying instances listening on unexpected ports. The tool supports AWS Systems Manager (SSM) and local osquery technologies, with each technology having its own plugins for targeting, collection, and persistence. Note: Diffy has been officially deprecated by Netflix and is no longer maintained or supported.