This is a complete memory forensics reference that covers both Volatility 2 and 3 command syntax, which matters because the tools handle profiles and plugins completely differently. The playbook walks through the full analysis chain: OS identification, hidden process detection via psscan vs pslist comparison, code injection hunting with malfind, credential extraction, and timeline reconstruction. It includes Linux-specific analysis and rootkit detection techniques that base models consistently miss. The malware indicators table is especially useful, like catching DKOM hiding when processes appear in pool scans but not the EPROCESS list, or spotting reflective DLL injection through ldrmodules output. Load this when you're doing incident response or malware analysis and need the exact command differences between Vol2 and Vol3 without constantly checking documentation.
npx skills add https://github.com/yaklang/hack-skills --skill memory-forensics-volatility