Can I use this for disk image analysis?

No, this skill is specifically designed for volatile memory (RAM) analysis. For disk images, you should use tools like Autopsy, FTK, or The Sleuth Kit.

Can it recover deleted process information?

Yes, by using 'psscan' and pool tag scanning, it can often find EPROCESS structures for terminated or hidden processes that no longer appear in the active process list.

What formats of memory dumps are supported?

It supports raw memory dumps, Mach-O subfiles, and dumps acquired via tools like WinPmem, LiME, or DumpIt.

How does it detect fileless malware?

It uses specialized plugins like malfind to identify memory regions with executable permissions that aren't backed by files on disk, and supports YARA scanning for known malware signatures in RAM.

Does this skill support Volatility 3?

Yes, the skill provides commands and workflows specifically optimized for Volatility 3, including automatic OS detection and the latest plugin syntax.

Memory Forensics with Volatility

Name: Memory Forensics with Volatility
Author: mukul975

bymukul975

•

4,121

•

セキュリティとテスト

Analyzes RAM memory dumps using the Volatility framework to detect malware, injected code, and suspicious network activity across multiple operating systems.

This skill empowers AI agents to perform deep forensic analysis of volatile memory (RAM) using the Volatility 3 framework. It provides structured workflows for identifying hidden processes, detecting sophisticated techniques like process hollowing and DLL injection, and extracting sensitive artifacts such as network connections, command history, and credentials. It is an essential tool for incident responders and security analysts dealing with fileless malware, rootkits, and memory-resident threats where traditional disk forensics may fall short.

主な機能

01Automated OS detection and symbol table management for Volatility 3

02Advanced rootkit detection through process list and pool tag comparisons

03Cross-platform support for Windows, Linux, and macOS memory forensics

04In-memory code injection and process hollowing identification using malfind

05Extraction of network connections, registry keys, and cached credentials

064,121 GitHub stars

ユースケース

01Investigating fileless malware and memory-resident threats after an EDR alert

02Building a forensic timeline of attacker activity from volatile artifacts

03Extracting encryption keys and passwords from process memory during an incident

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills analyzing-memory-dumps-with-volatility

For use in Claude.ai and ChatGPT

主な機能

01Automated OS detection and symbol table management for Volatility 3

02Advanced rootkit detection through process list and pool tag comparisons

03Cross-platform support for Windows, Linux, and macOS memory forensics

04In-memory code injection and process hollowing identification using malfind

05Extraction of network connections, registry keys, and cached credentials

064,121 GitHub stars

ユースケース

01Investigating fileless malware and memory-resident threats after an EDR alert

02Building a forensic timeline of attacker activity from volatile artifacts

03Extracting encryption keys and passwords from process memory during an incident

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills analyzing-memory-dumps-with-volatility

For use in Claude.ai and ChatGPT