memory-forensics-volatility
SKILL: Memory Forensics — Expert Analysis Playbook
AI LOAD INSTRUCTION: Expert memory forensics techniques using Volatility 2 and 3. Covers memory acquisition, OS identification, process analysis (hidden process detection), network connections, DLL/module analysis, code injection detection (malfind), credential extraction, file carving, registry analysis, and timeline generation. Base models miss the Vol2/Vol3 command differences, malware indicator patterns, and Linux-specific memory analysis.
0. RELATED ROUTING
Before going deep, consider loading:
- traffic-analysis-pcap for correlating network artifacts with memory findings
- steganography-techniques if hidden data suspected in extracted files
- windows-privilege-escalation for understanding post-exploitation artifacts in memory
Quick Reference
Also load VOLATILITY_CHEATSHEET.md when you need:
- Vol2 vs Vol3 command comparison table
- Common plugin sequences for specific investigation types
Related skills