Is the forensic guidance platform-specific?

No, it offers specialized forensic techniques and command sets tailored for Windows, Linux, and macOS environments, including kernel-level data structures.

How does it assist in malware detection?

It provides detection patterns for common injection techniques like process hollowing and APC injection, along with instructions for using YARA rules to scan memory.

What tools are covered for memory acquisition?

The skill covers industry-standard tools including WinPmem for Windows, LiME for Linux, and osxpmem for macOS, as well as methods for virtual machines like VMware and QEMU.

Can it help extract credentials from a memory dump?

Yes, it includes workflows for extracting Windows hashes, LSA secrets, and cached credentials using specific forensic plugins.

Does this skill help with Volatility 3 commands?

Yes, it provides a detailed reference for Volatility 3 plugins covering process listing (pslist), network scanning (netscan), DLL analysis, and registry hive extraction.

Memory Forensics Guide

Name: Memory Forensics Guide
Author: duanbiao2000

byduanbiao2000

0•

보안 및 테스팅

Facilitates advanced memory acquisition, process analysis, and artifact extraction for incident response and malware investigations.

This skill provides comprehensive guidance on performing memory forensics across Windows, Linux, and macOS environments. It equips Claude with the knowledge to assist in acquiring memory dumps, utilizing the Volatility 3 framework for deep process and network analysis, detecting code injection or rootkits, and performing YARA-based memory scanning. It is an essential resource for security professionals performing incident response or malware analysis where volatile data is critical to understanding a system's state and identifying sophisticated, fileless threats.

주요 기능

01Structured malware analysis and incident response workflows

020 GitHub stars

03Deep Volatility 3 plugin mastery for process, network, and registry analysis

04YARA rule integration for targeted scanning of suspicious memory regions

05Advanced detection patterns for memory injection, hollowing, and rootkits

06Multi-platform memory acquisition techniques for Windows, Linux, and macOS

사용 사례

01Investigating a suspected data breach by analyzing live RAM for unauthorized network connections

02Deconstructing sophisticated malware that resides only in volatile memory using Volatility 3

03Identifying hidden processes or rootkits that evade standard operating system monitoring tools

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add duanbiao2000/obsidiandoc26 memory-forensics

For use in Claude.ai and ChatGPT

Download Skill