Which log formats does this skill support?

It supports a wide range of formats including Windows Event Logs (EVTX), Linux syslogs (auth.log, kern.log), web server logs (Apache, Nginx), and structured application logs in JSON or CSV.

Does it ensure the integrity of the collected logs?

Yes, the workflow explicitly includes steps for evidence preservation and integrity verification using SHA-256 hashing to help maintain a proper chain of custody.

Is specialized software required to use this skill?

The skill utilizes industry-standard open-source tools such as python-evtx, libevtx-utils, ausearch, and jq, which are commonly available in forensic Linux environments.

Can this skill help detect lateral movement within a network?

Yes, it includes specific patterns and Event ID filters (like 4648 and 4624 Type 3/10) to identify RDP usage, pass-the-hash attacks, and explicit credential usage across multiple systems.

Forensic Log Analysis & Investigation

Name: Forensic Log Analysis & Investigation
Author: mukul975

bymukul975

•

4,121

•

Security & Testing

Performs comprehensive log collection, parsing, and correlation to reconstruct security incident timelines and identify forensic evidence.

This skill empowers AI agents to conduct deep-dive digital forensic investigations by automating the processing of Windows Event Logs, Linux syslogs, and application data. It provides structured workflows for evidence preservation, multi-source event correlation, and timeline reconstruction, enabling analysts to pinpoint initial access vectors, lateral movement, and data exfiltration patterns. It is particularly useful for incident responders and security analysts who need to build a defensible chronology of events across diverse IT environments following a suspected breach.

Key Features

01Pre-configured queries for identifying common attack patterns like RDP and Lateral Movement

02Automated parsing of Windows EVTX and Linux syslog formats

03Evidence integrity verification using SHA-256 hashing

044,121 GitHub stars

05Cross-platform event correlation for unified timeline generation

06Structured forensic report generation for incident documentation

Use Cases

01Reconstructing the timeline of a post-breach security incident

02Detecting brute force attacks and unauthorized administrative changes

03Investigating insider threats and unauthorized data access patterns

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-log-analysis-for-forensic-investigation

For use in Claude.ai and ChatGPT

Key Features

01Pre-configured queries for identifying common attack patterns like RDP and Lateral Movement

02Automated parsing of Windows EVTX and Linux syslog formats

03Evidence integrity verification using SHA-256 hashing

044,121 GitHub stars

05Cross-platform event correlation for unified timeline generation

06Structured forensic report generation for incident documentation

Use Cases

01Reconstructing the timeline of a post-breach security incident

02Detecting brute force attacks and unauthorized administrative changes

03Investigating insider threats and unauthorized data access patterns

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-log-analysis-for-forensic-investigation

For use in Claude.ai and ChatGPT