memory-forensics
memory-forensics
Purpose
This skill enables analysis of volatile memory dumps using tools like Volatility to identify malware, rootkits, and security breaches, supporting digital forensics investigations.
When to Use
Use this skill during incident response for suspected breaches, when analyzing RAM dumps from compromised systems, or for proactive security assessments on endpoints with potential malware infections.
Key Capabilities
- Parse memory dumps to extract processes, network connections, and injected code using Volatility's plugins.
- Detect hidden processes and rootkits via checks for process hollowing or DKOM (Direct Kernel Object Manipulation).
- Analyze hibernation files or pagefiles for artifacts like command history or encryption keys.
- Support for multiple dump formats, including raw, VMware, and crash dumps, with automated profile detection.
Usage Patterns
Invoke this skill via CLI commands in a Python script or directly in a terminal. Always specify the memory dump file and required plugins. For automation, wrap commands in a function that handles file paths and outputs. Use environment variables for API keys if extending to cloud-based forensics tools.
More from alphaonedev/openclaw-graph
playwright-scraper
Playwright web scraping: dynamic content, auth flows, pagination, data extraction, screenshots
1.4Kgcp-iam
Manages identity and access control for Google Cloud resources using IAM policies and roles.
370humanize-ai-text
AI text humanization: reduce AI-detection patterns, natural phrasing, tone adjustment
261macos-automation
AppleScript, JXA, Shortcuts, Automator, osascript, System Events, accessibility API
173tavily-web-search
Tavily: web search optimized for AI agents, answer synthesis, domain filtering, depth control
155clawflows
OpenClaw workflow automation: multi-step task chains, conditional logic, triggers, schedule
102