Memory Forensics Playbook

Trust Score 78/100

Practical guidance and commands for acquiring, analyzing, and extracting artifacts from memory dumps using tools like Volatility3 and common acquisition methods

triggers:memory forensicsacquire memoryvolatilitymemory analysisyara scandump memory

GitHub SKILL.md

What it does

Provides a comprehensive memory forensics playbook: acquisition steps for live systems and VMs, Volatility 3 usage and essential plugins (process, network, DLL analysis), detection patterns (injection, rootkits), YARA integration, and analysis workflows for malware and incident response. Includes best practices for acquisition, integrity verification, and documentation.

When to use it

Use when performing memory acquisition or analysis during incident response, malware analysis, or forensic investigations. Suitable for analysts needing concrete commands, Volatility plugin examples, and stepwise workflows from acquisition to reporting. Not for unrelated tasks.

What's included

Scripts: None bundled (has_scripts=false)
References: Points to implementation-playbook and symbol resources mentioned in the skill body (has_references=false in repo bundle)
Instructions: Detailed acquisition commands across platforms, Volatility 3 usage examples, analysis workflows (malware and IR), detection rules, YARA examples, and best practices for chain-of-custody and validation.

Compatible agents

Agents that can run or orchestrate forensic tooling and present command outputs (e.g., Copilot-style agents, Claude Code, or custom forensic automation integrations).

Audit Summary

A comprehensive memory forensics reference skill covering acquisition, Volatility3 analysis, malware detection workflows, YARA rules, and best practices. No scripts included — purely informational. SKILL.md references an implementation-playbook.md resource that was not bundled with the skill, reducing practical usability. Trigger conditions are overly broad.

Watch Out

References resources/implementation-playbook.md which is not included in the skill bundle
Trigger condition 'Working on memory forensics tasks' is too broad and may activate inappropriately
No actual executable scripts — purely reference content

Notes

Well-written reference material for memory forensics practitioners. Covers Windows, Linux, and macOS acquisition and analysis. Includes useful YARA rule examples and detection patterns. Main issues: (1) no bundled scripts despite referencing an implementation playbook, (2) vague trigger conditions, (3) monolithic structure with no separation into references/ or scripts/ directories. Not malicious — purely educational/reference content with no security concerns.

Information

Repository: opencode-skills-collection
Stars: 23
Installs: 0

Trust Score

Overall78

Security100

Code Quality62

Architecture45

Usefulness52

More from opencode-skills-collection

Python Performance Optimization

Profile, analyze, and optimize Python applications for CPU and memory efficiency using profiling tools and performance best practices.

API Security Testing Workflow

Structured workflow for testing REST and GraphQL API security: auth, authorization, rate limiting, input validation and error handling.

Azure AI Projects SDK (TypeScript)

TypeScript SDK and examples for managing Azure AI Projects: agents, connections, deployments, datasets, indexes, and evaluations.

Testing Patterns & Utilities

Guidelines and utilities for TDD, factory-based test data, mocking strategies, and testing patterns for React/TypeScript projects.

Skill Optimizer

Diagnose and optimize Agent Skills (SKILL.md) using session transcripts and static analysis to improve triggers, workflows, and token efficiency.

Reverse Engineer

Guided methodology and best practices for binary reverse engineering, covering static and dynamic analysis workflows and common tooling.

Related Skills

Caveman Compress

Compress natural-language memory files into a compact 'caveman' format to save LLM tokens while preserving code, links, and structure.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

Minimal Run & Audit (repro reporting)

Execute a README-first smoke test and produce standardized reproducibility outputs (`repro_outputs/`) and PATCHES.md — trusted reporting for repo reproduction r

Go Data Structures

Authoritative guidance on choosing and using Go built-in and standard-library data structures, with practical best practices for slices, maps, arrays, container

Analyzing Ransomware Leak Site Intelligence

Collect and analyze ransomware data-leak site (DLS) posts to extract victim, group, sector and geographic trends for threat intelligence and proactive defense.

Analyzing Ransomware Leak Site Intelligence

Collect and analyze ransomware data-leak site (DLS) postings to extract victim, group, sector, and timeline intelligence for threat hunting and risk assessment.

Memory Search

Search past coding sessions and observations using natural-language queries to retrieve decisions, notes, and context.

Dune Analytics (MoonPay Integration)

Run Dune SQL and saved queries via the Dune REST API for on-chain analytics; pairs with MoonPay CLI to create/fund wallets for analysis.

Back to Skills