A sprawling forensics reference that covers the full CTF forensics spectrum, from standard Volatility memory analysis and PCAP inspection to genuinely obscure corners like ICMP timing channels, USB keyboard LED Morse exfiltration, and CD audio disc steganography. The skill is organized into a dozen supporting markdown files grouped by domain (disk, network, steganography, signals), each packed with one-liner commands and technique descriptions for challenges involving disk images, memory dumps, network captures, and hardware signals. It's built for Claude Code with bash and Python 3, expecting you to install tools like binwalk, Volatility, Wireshark, and various stego utilities as you go. The breadth is impressive, but you'll need to know when to stop doing forensics and pivot to the crypto, malware, or reversing skills once you've extracted the real payload.
npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-forensics