A comprehensive forensics skill that covers memory dump analysis with Volatility 3, from acquisition through artifact extraction. It walks you through the full investigation workflow: dumping live memory with tools such as WinPmem, running essential plugins such as pslist to enumerate processes and malfind to spot process injection, detecting rootkits through DKOM analysis, and extracting network connections and registry artifacts. The code samples cover Windows, Linux, and macOS analysis with concrete command examples for each platform. Most useful when you're investigating malware infections, analyzing suspicious processes, or need to reconstruct what happened during a security incident from RAM captures.
npx skills add https://github.com/wshobson/agents --skill memory-forensics