collecting-volatile-evidence-from-compromised-host
Warn
Audited by Socket on Apr 17, 2026
1 alert found:
Anomaly (severity: LOW)
File: scripts/agent.py
This module is a dual-use incident-response/live-response data collection tool that executes a fixed set of OS interrogation commands and writes the resulting (potentially highly sensitive) host state to local files and a JSON manifest. In this fragment there is no evidence of malware behaviors such as exfiltration, persistence, or credential theft; however, its broad reconnaissance capability (process/network/users/routing/DNS/tasks) makes it a security-sensitive component that should be controlled, permissioned, and confined to authorized use.
Confidence: 72% | Severity: 52%
Audit Metadata