What operating systems does this skill support?

This skill provides comprehensive forensic workflows and tool commands for Windows, Linux, and macOS memory environments, including virtual machine memory extraction.

How does this help with incident response?

It provides structured IR workflows for creating event timelines, auditing user activity, and identifying persistence mechanisms like scheduled tasks or malicious services directly from memory.

Which primary framework is used for analysis?

The skill focuses heavily on the Volatility 3 framework, providing specific plugin commands for process trees, network states, DLL lists, and registry analysis.

Can this skill help detect sophisticated malware?

Yes, it includes specific detection patterns for advanced techniques such as process hollowing, DLL injection, and rootkit activities using specialized memory scanning plugins.

Does it cover live memory acquisition?

Absolutely. It provides commands and best practices for tools like WinPmem, LiME, and various hypervisor-specific memory dumping methods to ensure forensic integrity.

Memory Forensics Mastery

Name: Memory Forensics Mastery
Author: nguyendinhquocx

bynguyendinhquocx

0•

安全与测试

Provides comprehensive guidance for acquiring, analyzing, and extracting forensic artifacts from volatile system memory across multiple operating systems.

This skill equips Claude with specialized knowledge for performing advanced memory forensics, focusing on the Volatility 3 framework and live acquisition techniques for Windows, Linux, and macOS. It streamlines the investigation process by providing standardized workflows for incident response and malware analysis, enabling users to detect hidden processes, identify code injection, analyze network connections, and extract critical system artifacts like registry hives or credentials from RAM captures. It is an essential companion for security researchers and incident responders looking to automate and standardize their memory analysis patterns.

主要功能

01Integration with YARA rules for targeted memory scanning and threat hunting

02Multi-platform memory acquisition using tools like WinPmem, LiME, and osxpmem

030 GitHub stars

04Advanced process and network analysis using the Volatility 3 framework

05Step-by-step workflows for malware analysis and rapid incident response

06Automated detection patterns for code injection and rootkit activity

使用场景

01Investigating a suspected data breach by analyzing a compromised server's RAM

02Performing deep-dive malware analysis to identify persistence mechanisms and C2 traffic

03Recovering volatile evidence like command history and active network connections during a live forensic investigation

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nguyendinhquocx/code-ai memory-forensics

For use in Claude.ai and ChatGPT

主要功能

01Integration with YARA rules for targeted memory scanning and threat hunting

02Multi-platform memory acquisition using tools like WinPmem, LiME, and osxpmem

030 GitHub stars

04Advanced process and network analysis using the Volatility 3 framework

05Step-by-step workflows for malware analysis and rapid incident response

06Automated detection patterns for code injection and rootkit activity

使用场景

01Investigating a suspected data breach by analyzing a compromised server's RAM

02Performing deep-dive malware analysis to identify persistence mechanisms and C2 traffic

03Recovering volatile evidence like command history and active network connections during a live forensic investigation