Memory Forensics Basics
Volatility / Rekall-based memory triage: process tree, injected code, network connections, credentials.
What this skill does
Memory Forensics Basics is a versioned playbook inside the CISO Security Kit. It runs on the AI CISO agent through the Procux skill runtime, producing structured, auditable output suitable for executive review and regulator submission.
- Kit: CISO Security Kit
- Category: DFIR
- Primary agent(s): AI CISO
- Tags: dfir, memory, volatility, rekall
How to use it
- Sign in to your Procux workspace and open the platform dashboard.
- Pick the AI CISO agent, then pick Memory Forensics Basics from the CISO Security Kit catalog.
- Provide the required inputs (repo, document, endpoint, jurisdiction) — the agent runs the playbook and returns a structured report.
- Review, iterate, or export (PDF / JSON / Markdown) as part of your internal review cycle.
Related skills
- Incident Timeline Reconstruction: Correlate logs, alerts, and artifacts to build a defensible incident timeline for executive briefing and regulator disclosure.
- Linux Artifact Collection: Live and dead-box Linux artifact triage: bash history, systemd units, /tmp, cron, lastlog, suid binaries.
- LSASS Credential Dumping Detection: Detect Mimikatz / comsvcs / procdump patterns against LSASS via Sysmon event IDs 10 and 8.