Skill UI

A detailed guide for conducting professional disk forensics investigations, covering the entire lifecycle from evidence acquisition to artifact analysis. This includes establishing a strict chain of custody, performing bit-for-bit forensic imaging using write blockers, identifying file system structures (MFT, inodes), recovering deleted files, analyzing key artifacts (Prefetch, Amcache), and reconstructing precise timelines of activity for incident response cases.

This skill guides comprehensive digital forensics investigations on compromised endpoints. It covers evidence collection (memory acquisition, disk imaging) and deep artifact analysis, including volatile data, MFT records, and prefetch files. Use it for incident response, legal evidence collection, and determining the scope of a breach by reconstructing attacker timelines.

This automated toolkit streamlines memory forensics using the Volatility3 framework. It is designed to analyze raw memory dumps from Windows, Linux, and macOS, revealing complex threats such as process injection, hidden rootkits, malicious code artifacts, and illicit network connections that traditional disk-based methods cannot detect. Essential for real-time incident response and deep security auditing.