memory-forensics

Memory Forensics

Comprehensive techniques for acquiring, analyzing, and extracting artifacts from memory dumps for incident response and malware analysis.

Use this skill when

  • Working on memory forensics tasks or workflows
  • Needing guidance, best practices, or checklists for memory forensics

Do not use this skill when

  • The task is unrelated to memory forensics
  • You need a different domain or tool outside this scope

Instructions

  • Clarify goals, constraints, and required inputs.
  • Apply relevant best practices and validate outcomes.
  • Provide actionable steps and verification.
  • If detailed examples are required, open resources/implementation-playbook.md.

Memory Acquisition

🧠 Knowledge Modules (Fractal Skills)

1. Live Acquisition Tools

2. Virtual Machine Memory

3. Installation and Setup

4. Essential Plugins

5. Linux Analysis

6. macOS Analysis

7. Malware Analysis Workflow

8. Incident Response Workflow

9. Windows Process Structures

10. VAD (Virtual Address Descriptor)

11. Process Injection Indicators

12. Rootkit Detection

13. Credential Extraction

14. Writing Memory YARA Rules

15. Scanning Memory

16. Extracting Strings

17. FLOSS for Obfuscated Strings

18. Acquisition Best Practices

19. Analysis Best Practices

20. Common Pitfalls

Installs: 1
GitHub Stars: 429
First Seen: Apr 8, 2026