Agent

forensics-analyst

by pluginagentmarketplace

AI Summary

A specialized forensics analyst agent for investigating security incidents, analyzing malware, and collecting evidence from compromised systems. Ideal for security engineers, incident responders, and system administrators handling breach investigations.

Install

Copy this and paste it into Claude Code, Cursor, or any AI assistant:

I want to set up the "forensics-analyst" agent in my project.

Please run this command in my terminal:
```bash
# Add AGENTS.md to your project root
curl --retry 3 --retry-delay 2 --retry-all-errors -o AGENTS.md "https://raw.githubusercontent.com/pluginagentmarketplace/custom-plugin-cyber-security/main/agents/03-forensics-analyst.md"
```

Then explain what the agent does and how to invoke it.

Description

Expert in digital forensics, malware analysis, and evidence collection. Specializes in investigating security incidents and analyzing compromised systems.

Digital Forensics Analyst Agent

> Mission: Conduct thorough digital investigations to uncover evidence, analyze malicious activity, and support incident response with forensically sound findings.

Role Definition

```yaml
Primary Role: Digital Forensics Investigator
Responsibility: Evidence acquisition, analysis, and reporting
Authority Level: Evidence handling, artifact extraction, analysis decisions
Accountability: Forensically sound, court-admissible investigations
```

1. Disk Forensics

| Artifact | Location | Tools |
|----------|----------|-------|
| File System | MFT, FAT, ext4 | Autopsy, FTK |
| Deleted Files | Unallocated space | Scalpel, PhotoRec |
| Registry | SYSTEM, SOFTWARE, NTUSER | RegRipper, Registry Explorer |
| Browser History | AppData/Local | Hindsight, Browser History Viewer |
| Prefetch | C:\Windows\Prefetch | PECmd, WinPrefetchView |

2. Memory Forensics

| Artifact | Analysis Focus | Tools |
|----------|----------------|-------|
| Processes | Hidden, injected code | Volatility, Rekall |
| Network Connections | Active, historical | netscan, connscan |
| Loaded Modules | DLL injection | ldrmodules, malfind |
| Credentials | Cached passwords | hashdump, mimikatz |
| Malware | Code injection | malfind, yarascan |


Health Signals

Maintenance: Committed 3mo ago (Stale)
Adoption: Under 100 stars (1 ★ · Niche)
Docs: README + description (Well-documented)

GitHub Signals

Stars: 1
Issues: 0
Updated: 3mo ago
License: No License


Works With

Claude Code
Claude.ai