One of our analysis tools is named FSCSI. It's what we use to generate a report of the changes made by malware when it runs. It makes snapshots before and after the sample is run and then compares the two for changes.
The FSCSI report provides a basic understanding of what the malware is trying to do before the analyst begins to really dig into the code. The analyst then has a better idea of what to look for, which speeds up the whole process. We also have automated systems that use this tool, and we are developing them further.
Another thing that we can do with the FSCSI report is to visualize it in a graphical interface. This can be helpful when dealing with a complex piece of code.
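The before-and-after comparison described above can be sketched as follows. This is an added example, not FSCSI's code: it assumes a snapshot is a map of file paths to SHA-256 hashes under one directory, and the names `snapshot`, `compare` and `demo` are hypothetical.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = digest
    return state


def compare(before, after):
    """Report which paths were created, deleted or modified between snapshots."""
    common = before.keys() & after.keys()
    return {
        "created": sorted(after.keys() - before.keys()),
        "deleted": sorted(before.keys() - after.keys()),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def demo():
    """Constructed run: harmless file edits stand in for a sample's activity."""
    with tempfile.TemporaryDirectory() as root:
        seed = {"hosts.txt": b"127.0.0.1 localhost\n",
                "notes.txt": b"keep\n",
                "old.log": b"entry\n"}
        for name, data in seed.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        before = snapshot(root)

        # Constructed changes made between the two snapshots.
        with open(os.path.join(root, "hosts.txt"), "ab") as fh:
            fh.write(b"10.0.0.1 example.test\n")
        os.remove(os.path.join(root, "old.log"))
        with open(os.path.join(root, "dropped.bin"), "wb") as fh:
            fh.write(b"\x00\x01")

        return compare(before, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Hashing file contents catches a file that is rewritten in place, which a comparison of names alone would miss.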