- Patent title: Rootkit detection based on system dump sequence analysis
- Application number: US17656971; filing date: 2022-03-29
- Publication (grant) number: US12013942B2; publication (grant) date: 2024-06-18
- Inventors: Vladimir Strogov, Sergey Ulasen, Serguei Beloussov, Stanislav Protasov
- Applicant: Acronis International GmbH
- Applicant address: CH Schaffhausen
- Patentee: Acronis International GmbH
- Current patentee: Acronis International GmbH
- Current patentee address: CH Schaffhausen
- Agency: ESPE Legal Consultancy FZ-LLC
- Main classification: G06F21/56
- IPC classifications: G06F21/56 ; G06F21/00
Abstract:
The present disclosure relates to a system and method for rootkit detection based on a system dump sequence analysis. The system includes a security system in communication with one or more applications of a computing system. The security system includes a system event monitor to monitor events occurring at the applications, a system dump capture driver to capture differential system dumps corresponding to each event, and a rootkit detection engine to determine if a system state is infected. The rootkit detection engine is based on a machine learning model, where the machine learning model is trained on a collection of clean system dumps and infectious system dumps. Based on the analysis carried out by the machine learning model, the rootkit detection engine can classify the system state as a suspicious, infectious, or clean state.
Publication / grant documents
- US20230315850A1 Rootkit detection based on system dump sequence analysis, publication/grant date: 2023-10-05