performing-disk-forensics-investigation

Installation
SKILL.md

Performing Disk Forensics Investigation

When to Use

  • A security incident requires forensic analysis of a system's persistent storage
  • Evidence preservation is needed for potential legal proceedings or HR investigations
  • Deleted files, browser history, or application artifacts must be recovered
  • A timeline of user or adversary activity must be reconstructed from file system metadata
  • Malware persistence mechanisms stored on disk need identification and documentation

Do not use for volatile evidence (running processes, network connections); use memory forensics with Volatility instead.

Prerequisites

Installs
35
GitHub Stars
24.7K
First Seen
Mar 18, 2026
performing-disk-forensics-investigation — mukul975/anthropic-cybersecurity-skills