From cybersecurity-skills
Acquires Linux memory with LiME kernel module and analyzes images with Volatility 3 to extract processes, bash history, network connections, and kernel modules during incident response.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills:analyzing-memory-forensics-with-lime-and-volatility
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
- When investigating security incidents that require Linux memory forensics with LiME and Volatility
Acquire Linux memory using the LiME kernel module, then analyze the resulting image with Volatility 3 to extract forensic artifacts.
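```bash
# LiME acquisition (run as root; the module must be built for the running kernel)
insmod lime-$(uname -r).ko "path=/evidence/memory.lime format=lime"
# Volatility 3 analysis
vol3 -f /evidence/memory.lime linux.pslist    # process list
vol3 -f /evidence/memory.lime linux.bash      # bash command history recovered from memory
vol3 -f /evidence/memory.lime linux.sockstat  # network connections and sockets
```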
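```python
# Programmatic Volatility 3 usage
import volatility3
from volatility3.framework import contexts, automagic
from volatility3.plugins.linux import pslist, bash, sockstat

# The context holds the layers, symbol tables and configuration for one analysis run
context = contexts.Context()
# Automagics locate the memory layer and matching kernel symbols automatically
automagics = automagic.available(context)
```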
Key analysis steps:
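```bash
# Full forensic workflow
vol3 -f memory.lime linux.pslist | grep -v "\[kthread\]"  # processes, kernel threads filtered out
vol3 -f memory.lime linux.bash     # bash history
vol3 -f memory.lime linux.malfind  # memory regions that may contain injected code
vol3 -f memory.lime linux.lsmod    # loaded kernel modules
```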
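Before running the plugins above, it is worth confirming that the image written with `format=lime` is complete and recording its hash. The following is an added example, not part of the original skill: it walks the LiME range headers (32-byte packed header, magic `0x4C694D45`, inclusive end address) and computes SHA-256 in the same pass. The function names and the two-range sample image are constructed for illustration.

```python
import hashlib
import io
import struct

LIME_MAGIC = 0x4C694D45            # stored little-endian, so "EMiL" on disk
HEADER = struct.Struct("<IIQQ8s")  # magic, version, s_addr, e_addr, reserved

def walk_lime(stream):
    """Return (ranges, sha256_hex); raise ValueError on a corrupt or truncated image."""
    digest = hashlib.sha256()
    ranges = []
    while True:
        raw = stream.read(HEADER.size)
        if not raw:
            break  # clean end of file on a header boundary
        if len(raw) < HEADER.size:
            raise ValueError("truncated header at end of image")
        digest.update(raw)
        magic, version, start, end, _reserved = HEADER.unpack(raw)
        if magic != LIME_MAGIC:
            raise ValueError(f"bad magic {magic:#x} in header {len(ranges)}")
        if end < start:
            raise ValueError(f"range end {end:#x} precedes start {start:#x}")
        remaining = end - start + 1  # e_addr is inclusive
        while remaining:
            chunk = stream.read(min(remaining, 1 << 20))
            if not chunk:
                raise ValueError(f"range {start:#x}-{end:#x} is truncated")
            digest.update(chunk)
            remaining -= len(chunk)
        ranges.append((version, start, end))
    if not ranges:
        raise ValueError("no LiME ranges found")
    return ranges, digest.hexdigest()

def build_sample():
    """Constructed two-range image (zero-filled, not real memory) for an offline run."""
    parts = []
    for start, size in ((0x1000, 64), (0x100000, 128)):
        parts.append(HEADER.pack(LIME_MAGIC, 1, start, start + size - 1, b"\0" * 8))
        parts.append(bytes(size))
    return b"".join(parts)

if __name__ == "__main__":
    # For a real image, pass open("/evidence/memory.lime", "rb") instead of the sample
    ranges, sha256 = walk_lime(io.BytesIO(build_sample()))
    for version, start, end in ranges:
        print(f"v{version} {start:#012x}-{end:#012x} {end - start + 1} bytes")
    print("sha256", sha256)
```

A `ValueError` here usually means the acquisition was interrupted or the copy is incomplete, which is better discovered before plugin output is trusted.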
npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skills
Acquires Linux memory with LiME kernel module and analyzes with Volatility 3 to extract processes, network connections, bash history, kernel modules, and injected code for incident response.
Performs Linux memory acquisition with LiME and analysis with Volatility 3. Extracts processes, network connections, bash history, and kernel modules for incident response.