Skill UI

Performs full disk forensic imaging and analysis using FTK Imager, Autopsy, Sleuth Kit, and related utilities to recover deleted data, verify evidence integrity, and rebuild user or adversary timelines for incident response and legal investigations.

Guides the capture and analysis of volatile and persistent data on compromised endpoints, covering memory acquisition, disk imaging, artifact parsing, and timeline reconstruction for incident response and legal evidence.

Performs comprehensive investigations into insider threat incidents by pairing digital forensics, user behavior analytics, and HR/legal coordination to validate allegations, collect covert evidence, and support security actions when employees or trusted partners misuse privileged access.

Workflow for collecting, parsing, and correlating Windows, Linux, and web logs to rebuild timelines, surface malicious actions, and support forensic reporting during incident investigations.

Systematically audit Windows and Linux autostart mechanisms, registry hives, scheduled tasks, and WMI entries to map how malware survives reboots and maintain access during incident response or threat hunting.