Extracts Linux memory using LiME kernel module and analyzes with Volatility 3 for processes, network connections, bash history, kernel modules, and injected code in incident response.
Slash command: /cybersecurity-skills-zh:analyzing-memory-forensics-with-lime-and-volatility
Acquire Linux memory with the LiME kernel module, then use Volatility 3 to extract forensic artifacts from the memory image.
# LiME memory acquisition (module built for the running kernel)
insmod lime-$(uname -r).ko "path=/evidence/memory.lime format=lime"
# Volatility 3 analysis
vol3 -f /evidence/memory.lime linux.pslist    # process list
vol3 -f /evidence/memory.lime linux.bash      # bash history recovered from memory
vol3 -f /evidence/memory.lime linux.sockstat  # open sockets / network connections
# Using Volatility 3 programmatically
import volatility3
from volatility3.framework import contexts, automagic
from volatility3.plugins.linux import pslist, bash, sockstat
context = contexts.Context()               # holds layers, symbols and config for one image
automagics = automagic.available(context)  # automagics that locate layers and symbols for the image
Key analysis steps:
# Full forensic workflow
vol3 -f memory.lime linux.pslist | grep -v "\[kthread\]"  # processes, kernel threads filtered out
vol3 -f memory.lime linux.bash                             # command history
vol3 -f memory.lime linux.malfind                          # injected / anomalous executable mappings
vol3 -f memory.lime linux.lsmod                            # loaded kernel modules
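A triage helper for the `linux.pslist` step of the workflow above, added here as an example; it is not part of the skill or of Volatility 3. It parses the tab-separated table the CLI prints, drops kernel threads by their descent from kthreadd (PID 2) rather than by a name pattern, and flags shells whose parent is not an expected login path. The sample output, the offsets and PIDs, and the `LOGIN_PARENTS` set are constructed assumptions.

```python
# Constructed sample of `vol3 -f memory.lime linux.pslist` output: the banner and progress
# lines the CLI prints, then a tab-separated table. Offsets and PIDs are made up.
SAMPLE_PSLIST = """Volatility 3 Framework
Progress:  100.00\t\tStacking attempts finished
OFFSET (V)\tPID\tTID\tPPID\tCOMM
0xffff9a0001234000\t1\t1\t0\tsystemd
0xffff9a0001235000\t2\t2\t0\tkthreadd
0xffff9a0001236000\t15\t15\t2\tksoftirqd/0
0xffff9a0001237000\t812\t812\t1\tsshd
0xffff9a0001238000\t901\t901\t1\tnginx
0xffff9a0001239000\t1203\t1203\t812\tbash
0xffff9a000123a000\t1340\t1340\t901\tsh
0xffff9a000123b000\t1355\t1355\t1340\tnc
"""
SHELLS = {"sh", "bash", "dash", "zsh"}
# Assumed parents that legitimately spawn interactive shells; tune per environment.
LOGIN_PARENTS = {"sshd", "login", "systemd", "sudo", "su", "tmux: server"}

def parse_pslist(text):
    """Return {pid: (ppid, comm)}; columns are found by header name, banner lines skipped."""
    procs, cols = {}, None
    for line in text.splitlines():
        if line.startswith("OFFSET"):
            cols = line.split("\t")
        elif cols is not None and line.strip():
            row = dict(zip(cols, line.split("\t")))
            procs[int(row["PID"])] = (int(row["PPID"]), row["COMM"])
    return procs

def ancestry(pid, procs):
    """Parent chain root-first as (pid, comm) pairs, e.g. systemd -> nginx -> sh -> nc."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append((pid, procs[pid][1]))
        pid = procs[pid][0]
    return chain[::-1]

def user_processes(procs):
    """Drop kernel threads by lineage (kthreadd, PID 2, and its descendants), not by name."""
    return {p: v for p, v in procs.items()
            if not any(a == 2 for a, _ in ancestry(p, procs))}

def suspicious_shells(procs):
    """Shells whose parent is not an expected login path, e.g. a web server spawning sh."""
    hits = []
    for pid, (ppid, comm) in user_processes(procs).items():
        parent = procs.get(ppid, (None, "<exited>"))[1]
        if comm in SHELLS and parent not in LOGIN_PARENTS:
            hits.append((pid, comm, ppid, parent))
    return hits
```

Feed it the saved plugin output (`vol3 ... linux.pslist > pslist.txt`) and print `ancestry()` for each hit to see the full chain behind a flagged shell.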
npx claudepluginhub killvxk/cybersecurity-skills-zh