Which memory acquisition tools does this skill support?

The skill provides guidance for WinPmem, LiME, osxpmem, and methods for extracting memory from virtualization platforms like VMware, VirtualBox, and Hyper-V.

Can I use this for Linux and macOS analysis?

Yes, it includes specific Volatility 3 workflows and plugins tailored for Linux and macOS, alongside comprehensive Windows support.

How does it help with malware detection?

It provides automated workflows for finding hidden processes, detecting code injection (malfind), identifying rootkits, and scanning memory with custom YARA rules.

Does it require Volatility 3?

While it focuses heavily on Volatility 3, it also covers raw string analysis, FLOSS for obfuscated strings, and manual data structure inspection for advanced forensics.

Memory Forensics & Malware Analysis

Name: Memory Forensics & Malware Analysis
Author: gwickman

bygwickman

0•

セキュリティとテスト

Analyzes system memory dumps to detect malware, extract forensic artifacts, and investigate security incidents using Volatility 3 and professional acquisition tools.

This Claude Code skill provides a comprehensive framework for performing memory forensics across Windows, Linux, and macOS environments. It equips users with the knowledge to acquire RAM captures from physical and virtual machines, utilize the Volatility 3 framework for deep-dive process and network analysis, and implement advanced detection patterns for code injection and rootkits. Whether you are performing incident response or reverse-engineering malware, this skill offers structured workflows, YARA integration, and data structure insights to uncover hidden threats within volatile memory.

主な機能

01Detailed data structure analysis for Windows EPROCESS and PEB blocks

02Advanced Volatility 3 plugin orchestration for process and network forensics

030 GitHub stars

04Multi-platform memory acquisition for Windows, Linux, and macOS

05YARA rule integration for targeted malware scanning within memory dumps

06Automated detection patterns for memory injection and rootkits

ユースケース

01Reverse-engineering sophisticated malware that resides only in volatile memory

02Performing post-mortem digital forensics on virtual machine snapshots

03Investigating live security breaches by analyzing RAM for malicious persistence

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add gwickman/auto-dev-test-target-1 memory-forensics

For use in Claude.ai and ChatGPT

Download Skill