What frameworks does this memory forensics skill support?

The skill is optimized for Volatility 3 and includes support for acquisition tools like WinPmem, LiME, and osxpmem across Windows, Linux, and macOS.

Can I use this for credential recovery?

Yes, it includes workflows for extracting Windows hashes, LSA secrets, and cached domain credentials from memory dumps.

Does it provide guidance on acquiring memory from virtual machines?

Yes, the skill includes specific instructions for extracting memory from VMware (.vmem), VirtualBox, QEMU, and Hyper-V environments.

How does it handle YARA integration?

It provides templates and commands for scanning both process memory and kernel memory using custom YARA rules within the Volatility framework.

Can this skill help detect sophisticated malware injection?

Yes, it includes specific detection patterns for techniques such as process hollowing, DLL injection, and thread execution hijacking using plugins like malfind and vadinfo.

Memory Forensics Mastery

Name: Memory Forensics Mastery
Author: wshobson

bywshobson

•

25,583

Security & Testing

Master memory forensics techniques including memory acquisition, process analysis, and artifact extraction using Volatility 3 and advanced detection patterns.

About

This skill empowers Claude with specialized knowledge for performing deep-dive memory forensics and malware analysis. It provides comprehensive workflows for acquiring memory from Windows, Linux, and macOS systems, alongside detailed guidance on utilizing the Volatility 3 framework to extract processes, network artifacts, and registry data. Whether you are investigating a security incident, hunting for rootkits, or analyzing sophisticated code injection techniques, this skill offers the structured patterns and command references needed to turn raw RAM captures into actionable intelligence.

Key Features

Detailed Volatility 3 plugin references for process, network, and DLL analysis
25,583 GitHub stars
Advanced detection patterns for process hollowing, APC injection, and rootkits
YARA integration for scanning memory dumps for known malware signatures
Standardized workflows for incident response and malware investigation
Comprehensive acquisition guides for Windows, Linux, macOS, and virtual machines

Use Cases

Analyzing RAM captures to identify and extract hidden malware or rootkits
Performing incident response by correlating memory artifacts with system timelines
Extracting volatile credentials, command history, and network connections from live systems

About

Key Features

Detailed Volatility 3 plugin references for process, network, and DLL analysis
25,583 GitHub stars
Advanced detection patterns for process hollowing, APC injection, and rootkits
YARA integration for scanning memory dumps for known malware signatures
Standardized workflows for incident response and malware investigation
Comprehensive acquisition guides for Windows, Linux, macOS, and virtual machines

Use Cases

Analyzing RAM captures to identify and extract hidden malware or rootkits
Performing incident response by correlating memory artifacts with system timelines
Extracting volatile credentials, command history, and network connections from live systems