What frameworks does this memory forensics skill support?

The skill is optimized for Volatility 3 and includes support for acquisition tools like WinPmem, LiME, and osxpmem across Windows, Linux, and macOS.

Can I use this for credential recovery?

Yes, it includes workflows for extracting Windows hashes, LSA secrets, and cached domain credentials from memory dumps.

Does it provide guidance on acquiring memory from virtual machines?

Yes, the skill includes specific instructions for extracting memory from VMware (.vmem), VirtualBox, QEMU, and Hyper-V environments.

How does it handle YARA integration?

It provides templates and commands for scanning both process memory and kernel memory using custom YARA rules within the Volatility framework.

Can this skill help detect sophisticated malware injection?

Yes, it includes specific detection patterns for techniques such as process hollowing, DLL injection, and thread execution hijacking using plugins like malfind and vadinfo.

Memory Forensics Mastery

Name: Memory Forensics Mastery
Author: wshobson

bywshobson

•

25,583

•

Security & Testing

Master memory forensics techniques including memory acquisition, process analysis, and artifact extraction using Volatility 3 and advanced detection patterns.

This skill empowers Claude with specialized knowledge for performing deep-dive memory forensics and malware analysis. It provides comprehensive workflows for acquiring memory from Windows, Linux, and macOS systems, alongside detailed guidance on utilizing the Volatility 3 framework to extract processes, network artifacts, and registry data. Whether you are investigating a security incident, hunting for rootkits, or analyzing sophisticated code injection techniques, this skill offers the structured patterns and command references needed to turn raw RAM captures into actionable intelligence.

Key Features

01Detailed Volatility 3 plugin references for process, network, and DLL analysis

0225,583 GitHub stars

03Advanced detection patterns for process hollowing, APC injection, and rootkits

04YARA integration for scanning memory dumps for known malware signatures

05Standardized workflows for incident response and malware investigation

06Comprehensive acquisition guides for Windows, Linux, macOS, and virtual machines

Use Cases

01Analyzing RAM captures to identify and extract hidden malware or rootkits

02Performing incident response by correlating memory artifacts with system timelines

03Extracting volatile credentials, command history, and network connections from live systems

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add wshobson/agents memory-forensics

For use in Claude.ai and ChatGPT

Download Skill