How does the skill ensure evidence integrity?

The skill utilizes MD5 and SHA-256 hashing during the acquisition phase and includes a mandatory chain of custody protocol to verify that evidence remains untampered throughout the analysis.

Can this skill help with real-time incident response?

Yes, its ability to analyze memory dumps for injected code and active network connections makes it highly effective for identifying live threats during an active security incident.

Does it support standard threat intelligence formats?

Absolutely. The extract_iocs operation can output Indicators of Compromise directly into STIX-compliant bundles for easy integration with other security tools.

What happens if an evidence file is corrupted?

The skill includes specialized error handling (E_EVIDENCE_CORRUPTED) that triggers recovery protocols to document the damage and attempt partial data extraction where possible.

What types of artifacts can the disk analysis tool find?

It can extract a wide range of forensic artifacts including filesystem metadata, Windows Registry keys (like NTUSER.DAT), Prefetch files, and browser history.

Digital Forensics & Malware Analysis

Name: Digital Forensics & Malware Analysis
Author: pluginagentmarketplace

bypluginagentmarketplace

•

Security & Testing

Conducts professional-grade digital investigations and malware analysis with automated evidence collection and integrity verification.

The Digital Forensics skill transforms Claude into a specialized security analyst capable of performing deep-dive investigations into compromised systems. It provides a structured framework for acquiring evidence from disk images, memory dumps, and network traffic while maintaining a strict chain of custody through MD5 and SHA-256 hashing. Whether you are analyzing Windows registry artifacts, identifying fileless malware in volatile memory, or extracting STIX-compliant Indicators of Compromise (IOCs), this skill ensures your investigative workflow is production-grade, verifiable, and comprehensive.

Key Features

01Volatile memory analysis to detect malicious processes and injected code

02Comprehensive static and dynamic malware behavioral classification

03Built-in chain of custody logging and automated IOC extraction

04Deep artifact extraction for filesystems, registries, and browser history

05Evidence acquisition across disk, memory, and network sources with hash verification

061 GitHub stars

Use Cases

01Post-incident investigation to determine the root cause of a server breach

02Scanning memory dumps for sophisticated fileless threats and unauthorized connections

03Analyzing suspicious binaries to identify malicious behavior and extract network IOCs

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add pluginagentmarketplace/custom-plugin-cyber-security forensics

For use in Claude.ai and ChatGPT

Download Skill