breach-forensics
Installation
SKILL.md
Conducting Breach Investigation Forensics
Overview
When a personal data breach is confirmed, a thorough forensic investigation is essential to determine the breach scope (which personal data and data subjects were affected), the attack vector, the timeline of unauthorized activity, and the root cause. The investigation findings directly feed into the Art. 33 supervisory authority notification, the Art. 34 data subject communication, and the post-breach remediation plan. This skill provides the complete forensic investigation workflow, evidence handling procedures, and analysis techniques.
Evidence Preservation Protocol
Golden Rule: Preserve First, Analyze Second
The first priority upon breach confirmation is to preserve volatile evidence before it is overwritten or destroyed. Evidence must be collected in order of volatility: