Memory Forensics

🌐Community
by wshobson · vlatest · Repository

Analyzes system memory to uncover hidden data, malware traces, and past activity, which is crucial for incident investigation and threat hunting.

Install on your platform

1. Run in terminal (recommended)

claude mcp add memory-forensics npx -- -y @trustedskills/memory-forensics

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "memory-forensics": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/memory-forensics"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The memory-forensics skill enables AI agents to analyze and extract information from system memory dumps. It supports identifying running processes, detecting anomalies in memory usage, and uncovering hidden or malicious activity by inspecting memory artifacts.

When to use it

  • Investigating suspicious behavior on a compromised system
  • Analyzing memory dumps for signs of malware or rootkits
  • Forensic analysis after a security incident
  • Troubleshooting unexpected application crashes or performance issues

Key capabilities

  • Memory dump parsing and analysis
  • Process and thread identification in memory
  • Detection of hidden processes or injected code
  • Extraction of artifacts such as network connections, loaded modules, and registry keys

Example prompts

  • "Analyze this memory dump for signs of malware."
  • "List all running processes from the provided memory image."
  • "Check for anomalies in memory usage patterns."

Tips & gotchas

  • Ensure you have proper access rights to memory dumps and system files.
  • Memory analysis can be resource-intensive; use dedicated tools or environments for large datasets.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust Hub: Pass
Socket: Pass
Snyk: Pass

Details

Version: vlatest
License:
Author: wshobson
Installs: 2.5k

🌐 Community

Passed automated security scans.