forensics-team

Ultimate Forensics Team Style Guide

Overview

This skill simulates an elite team of forensic analysts who work from the lowest OSI layers outward. They do not take high-level dashboards as truth; they find it in the raw packets. Their mission is to provide an "expert level analysis on PCAP", using investigative best practices and a process of elimination to arrive at the "Ultimate Forensic Truth."

Core Philosophy

  1. PCAP is Truth: Logs can be tampered with and dashboards can be misconfigured, but a raw packet capture (PCAP) records what actually crossed the wire. Treat it as ground truth only for what the capture point could see: the evidence is still bounded by where the tap or SPAN sat, by packets dropped under load, and by encrypted payloads that expose headers and timing but not content.
  2. OSI Layer Outward: Start at the wire. Analyze the physical, data link (Ethernet), and network layers (IP), then the transport headers (TCP/UDP), before looking at the application payload.
  3. Attribution via Artifacts: Identify the "who" and "why" by correlating temporal patterns (beaconing intervals), IP TTLs and TCP window sizes (passive OS fingerprinting), and payload signatures.
  4. Native Tools Mastery: Real forensics doesn't need a GUI. It starts with tcpdump because it is already present on nearly every Unix host.
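The following is an added example, not code from the forensics-team skill or its repository, showing principles 2 and 3 in working form: a pcap is parsed from the wire upward (pcap record header, Ethernet, IPv4, TCP) with only the standard library, and the TTL, SYN window size, TCP options and inter-packet timing are correlated per source address. The pcap bytes are constructed in memory rather than taken from a real capture, the function names (`parse_pcap`, `fingerprint`, `guess_initial_ttl`) are this example's own, and the initial-TTL table (64/128/255) is a heuristic assumption, not proof of operating system.

```python
"""Passive artifact fingerprinting over a pcap, parsed from the wire upward.

Added example for the forensics-team style guide; not part of the skill itself.
Standard library only. SAMPLE below is constructed in memory, not a real capture.
"""
import struct
from collections import defaultdict
from statistics import median

ETH_IPV4 = 0x0800
TCP_SYN, TCP_ACK = 0x02, 0x10


def ether_ipv4_tcp(src, dst, ttl, sport, dport, window, flags=TCP_SYN, options=b""):
    """Build one Ethernet/IPv4/TCP frame (checksums left zero: constructed test data)."""
    assert len(options) % 4 == 0, "TCP options must pad to 32-bit words"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0,
                      (5 + len(options) // 4) << 4, flags, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, ttl, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETH_IPV4)
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap (timestamp, frame) pairs in a little-endian pcap file (linktype 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for ts, frame in frames:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)


def parse_pcap(data):
    """Yield (ts, src, dst, ttl, sport, dport, flags, window, options) for each IPv4/TCP frame."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = {0xA1B2C3D4: "<", 0xA1B23C4D: "<", 0xD4C3B2A1: ">", 0x4D3CB2A1: ">"}[magic]
    nano = magic in (0xA1B23C4D, 0x4D3CB2A1)      # nanosecond-resolution variant
    off = 24                                       # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, frac, incl, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
            continue                               # data link layer: only IPv4 over Ethernet
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        tcp = ip[ihl:]
        if ip[9] != 6 or len(tcp) < 20:
            continue                               # network layer: only TCP
        sport, dport = struct.unpack("!HH", tcp[:4])
        dataoff = (tcp[12] >> 4) * 4
        window = struct.unpack("!H", tcp[14:16])[0]
        ts = sec + frac / (1e9 if nano else 1e6)
        yield (ts, ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20])),
               ip[8], sport, dport, tcp[13], window, tcp[20:dataoff])


def guess_initial_ttl(ttl):
    """Round an observed TTL up to the nearest common initial value and estimate hops.
    Heuristic assumption (64/128/255 defaults); a host may set any initial TTL."""
    for initial in (64, 128, 255):
        if ttl <= initial:
            return initial, initial - ttl
    return None, None


def fingerprint(pcap_bytes, beacon_tolerance=0.1):
    """Correlate TTL, SYN window, TCP options and timing per source address."""
    hosts = defaultdict(lambda: {"initial_ttl": set(), "hops": set(),
                                 "syn_windows": set(), "mss_option": False})
    timeline = defaultdict(list)
    for ts, src, dst, ttl, _sport, dport, flags, window, opts in parse_pcap(pcap_bytes):
        h = hosts[src]
        initial, hops = guess_initial_ttl(ttl)
        h["initial_ttl"].add(initial)
        h["hops"].add(hops)
        if flags & TCP_SYN and not flags & TCP_ACK:   # pure SYNs carry the client's stack defaults
            h["syn_windows"].add(window)
            if opts[:1] == b"\x02":                    # option kind 2 = MSS
                h["mss_option"] = True
        timeline[(src, dst, dport)].append(ts)
    beacons = []
    for key, stamps in timeline.items():
        if len(stamps) < 4:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        m = median(gaps)
        if m > 0 and all(abs(g - m) <= beacon_tolerance * m for g in gaps):
            beacons.append((key, round(m, 3)))         # regular interval: beacon candidate
    return dict(hosts), beacons


# Constructed traffic: a TTL-64 host three hops away beaconing every ~60 s to 203.0.113.7:443,
# and a TTL-128 host one hop away making irregular connections to 198.51.100.20:80.
SAMPLE = build_pcap(
    [(t, ether_ipv4_tcp("10.0.0.5", "203.0.113.7", 61, 40000 + i, 443, 64240,
                         options=b"\x02\x04\x05\xb4"))
     for i, t in enumerate((0.0, 60.01, 120.02, 179.99, 240.03))]
    + [(t, ether_ipv4_tcp("10.0.0.9", "198.51.100.20", 127, 50000 + i, 80, 8192))
       for i, t in enumerate((5.0, 7.5, 40.0, 41.0))]
)

if __name__ == "__main__":
    hosts, beacons = fingerprint(SAMPLE)
    for ip, h in hosts.items():
        print(ip, sorted(h["initial_ttl"]), sorted(h["hops"]), sorted(h["syn_windows"]), h["mss_option"])
    print("beacons:", beacons)
```

Read the output the way the guide prescribes: an initial TTL of 64 with a 64240-byte SYN window and an MSS option is consistent with a Linux-like stack, 128 with an 8192 window with a Windows-like one, and a connection series whose inter-arrival times cluster tightly around one interval is a beacon candidate worth eliminating or confirming from the payload. None of these is proof by itself; the point is that they come from headers and timestamps the attacker cannot edit after the fact, which is what principle 1 means by "truth".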

Design Principles

Installs: 13
GitHub Stars: 6
First Seen: Feb 1, 2026
Source: copyleftdev/sk1llz (forensics-team)