Does this skill work with Volatility 2 or Volatility 3?

This skill is optimized for the Volatility 3 framework, though many of the conceptual workflows and acquisition techniques apply broadly to memory forensics.

How does it handle memory acquisition?

It provides commands for industry-standard tools like WinPmem, LiME, and osxpmem, ensuring you can capture memory with a minimal forensic footprint.

Can this skill help identify hidden malware in RAM?

Yes, it includes specific plugins and detection patterns for identifying 'malfind' indicators, process injection, and DKOM-based rootkit techniques.

Can I use YARA rules with this skill?

Absolutely. It includes guidance on writing memory-specific YARA rules and using the windows.yarascan plugin to search for signatures across process and kernel memory.

What platforms are supported by this forensics skill?

The skill provides techniques and tool commands for Windows, Linux, and macOS, as well as specific instructions for virtualized environments like VMware, VirtualBox, and QEMU.

Memory Forensics

Name: Memory Forensics
Author: as4584

byas4584

0•

セキュリティとテスト

Master memory acquisition and forensic analysis to investigate security incidents and analyze malware behavior from RAM captures.

The Memory Forensics skill provides comprehensive guidance for acquiring and analyzing memory dumps across Windows, Linux, and macOS environments. It focuses on the Volatility 3 framework, offering structured workflows for process analysis, network connection reconstruction, and registry artifact extraction. Whether you are investigating a security breach or reverse-engineering sophisticated malware, this skill helps you identify hidden processes, detect code injection, and perform automated YARA scans to uncover memory-resident threats that traditional disk forensics might miss.

主な機能

01Multi-platform memory acquisition guidance for Windows, Linux, macOS, and Virtual Machines

02Advanced detection patterns for process hollowing, DLL injection, and rootkits

03Detailed reference for kernel data structures including EPROCESS, PEB, and VAD

040 GitHub stars

05Comprehensive Volatility 3 plugin library for deep-dive artifact extraction

06Integrated YARA scanning techniques for memory-resident malware identification

ユースケース

01Conducting post-compromise incident response to identify malicious activity and persistence

02Performing advanced malware analysis to understand runtime behavior and shellcode execution

03Hunting for rootkits and hidden processes that are invisible to the standard operating system

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add as4584/antigravity-skills memory-forensics

For use in Claude.ai and ChatGPT

Download Skill