SKILL: Memory Forensics — Expert Analysis Playbook

AI LOAD INSTRUCTION: Expert memory forensics techniques using Volatility 2 and 3. Covers memory acquisition, OS identification, process analysis (hidden process detection), network connections, DLL/module analysis, code injection detection (malfind), credential extraction, file carving, registry analysis, and timeline generation. Base models miss the Vol2/Vol3 command differences, malware indicator patterns, and Linux-specific memory analysis.

0. RELATED ROUTING

Before going deep, consider loading:

- traffic-analysis-pcap for correlating network artifacts with memory findings
- steganography-techniques if hidden data suspected in extracted files
- windows-privilege-escalation for understanding post-exploitation artifacts in memory

Quick Reference

Also load VOLATILITY_CHEATSHEET.md when you need:

- Vol2 vs Vol3 command comparison table
- Common plugin sequences for specific investigation types