memory-forensics-volatility
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documents standard memory forensics procedures and Volatility command usage for incident response and malware analysis.
- [COMMAND_EXECUTION]: Provides templates for executing well-known forensic tools like Volatility, LiME, AVML, and WinPmem for evidence gathering from memory images.
- [DATA_EXPOSURE]: Describes methods for extracting sensitive artifacts such as SAM hashes, LSA secrets, and command history from memory dumps, which is a standard and intended function of forensic analysis.
- [EXTERNAL_DOWNLOADS]: References the installation of standard forensic libraries from official package registries (e.g., pip install volatility) and acquisition tools from reputable sources (e.g., Microsoft's AVML).