How does the skill ensure evidence integrity?

The skill utilizes MD5 and SHA-256 hashing during the acquisition phase and includes a mandatory chain of custody protocol to verify that evidence remains untampered throughout the analysis.

Can this skill help with real-time incident response?

Yes, its ability to analyze memory dumps for injected code and active network connections makes it highly effective for identifying live threats during an active security incident.

Does it support standard threat intelligence formats?

Absolutely. The extract_iocs operation can output Indicators of Compromise directly into STIX-compliant bundles for easy integration with other security tools.

What happens if an evidence file is corrupted?

The skill includes specialized error handling (E_EVIDENCE_CORRUPTED) that triggers recovery protocols to document the damage and attempt partial data extraction where possible.

What types of artifacts can the disk analysis tool find?

It can extract a wide range of forensic artifacts including filesystem metadata, Windows Registry keys (like NTUSER.DAT), Prefetch files, and browser history.

Digital Forensics & Malware Analysis

Name: Digital Forensics & Malware Analysis
Author: pluginagentmarketplace

bypluginagentmarketplace

•

Security & Testing

Conducts professional-grade digital investigations and malware analysis with automated evidence collection and integrity verification.

About

The Digital Forensics skill transforms Claude into a specialized security analyst capable of performing deep-dive investigations into compromised systems. It provides a structured framework for acquiring evidence from disk images, memory dumps, and network traffic while maintaining a strict chain of custody through MD5 and SHA-256 hashing. Whether you are analyzing Windows registry artifacts, identifying fileless malware in volatile memory, or extracting STIX-compliant Indicators of Compromise (IOCs), this skill ensures your investigative workflow is production-grade, verifiable, and comprehensive.

Key Features

Volatile memory analysis to detect malicious processes and injected code
Comprehensive static and dynamic malware behavioral classification
Built-in chain of custody logging and automated IOC extraction
Deep artifact extraction for filesystems, registries, and browser history
Evidence acquisition across disk, memory, and network sources with hash verification
1 GitHub stars

Use Cases

Post-incident investigation to determine the root cause of a server breach
Scanning memory dumps for sophisticated fileless threats and unauthorized connections
Analyzing suspicious binaries to identify malicious behavior and extract network IOCs

About

Key Features

Volatile memory analysis to detect malicious processes and injected code
Comprehensive static and dynamic malware behavioral classification
Built-in chain of custody logging and automated IOC extraction
Deep artifact extraction for filesystems, registries, and browser history
Evidence acquisition across disk, memory, and network sources with hash verification
1 GitHub stars

Use Cases

Post-incident investigation to determine the root cause of a server breach
Scanning memory dumps for sophisticated fileless threats and unauthorized connections
Analyzing suspicious binaries to identify malicious behavior and extract network IOCs