Does it support both Windows and Linux analysis?

While it features heavy focus on Windows artifacts like ShimCache and Prefetch, it also includes procedures for Linux memory acquisition via LiME and disk imaging via dd.

Can this skill help collect evidence for legal proceedings?

Yes, it emphasizes the order of volatility, cryptographic hashing for integrity, and structured documentation to support chain of custody requirements.

Is this skill meant for live threat hunting?

No, this skill is specifically for post-incident forensic investigation. For live monitoring or threat hunting, EDR or SIEM-focused skills are more appropriate.

What forensic tools does this skill support?

The skill provides workflows for industry-standard tools including Volatility 3, KAPE, Eric Zimmerman's tools (PECmd, MFTECmd), FTK Imager, and Autopsy.

Endpoint Forensics Investigation

Name: Endpoint Forensics Investigation
Author: mukul975

bymukul975

•

4,121

•

Seguridad y Pruebas

Conducts comprehensive digital forensics on compromised endpoints through memory acquisition, disk imaging, and artifact analysis.

This skill empowers AI agents to perform detailed digital forensic investigations on compromised Windows and Linux endpoints. It provides structured workflows for evidence preservation following the order of volatility, memory analysis using Volatility 3, and deep-dive artifact analysis of system components like Prefetch, ShimCache, and MFT. Ideal for incident responders and security analysts, it facilitates the reconstruction of attacker timelines and the collection of forensically sound evidence for legal or internal investigations while ensuring data integrity through cryptographic hashing.

Características Principales

01Windows artifact parsing including Prefetch, ShimCache, and Amcache

02Forensic disk imaging and evidence integrity verification

034,121 GitHub stars

04Volatile data and memory acquisition workflows using Volatility 3

05Timeline reconstruction and super-timeline generation with Plaso

06Structured reporting for initial access and persistence mechanism analysis

Casos de Uso

01Collecting and preserving volatile memory data for legal evidence and chain of custody

02Reconstructing attacker activity timelines to identify the scope of an endpoint compromise

03Investigating suspected malware infections or unauthorized access on corporate workstations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-endpoint-forensics-investigation

For use in Claude.ai and ChatGPT

Características Principales

01Windows artifact parsing including Prefetch, ShimCache, and Amcache

02Forensic disk imaging and evidence integrity verification

034,121 GitHub stars

04Volatile data and memory acquisition workflows using Volatility 3

05Timeline reconstruction and super-timeline generation with Plaso

06Structured reporting for initial access and persistence mechanism analysis

Casos de Uso

01Collecting and preserving volatile memory data for legal evidence and chain of custody

02Reconstructing attacker activity timelines to identify the scope of an endpoint compromise

03Investigating suspected malware infections or unauthorized access on corporate workstations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-endpoint-forensics-investigation

For use in Claude.ai and ChatGPT