competition-forensic-timeline
Community
Turn artifacts into a clear forensic timeline.
Author: xjtu-wang
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Reconstruct a reliable incident chronology by cross-correlating diverse artifacts (EVTX, PCAP, registry, memory, mail traces, and more) after sandbox assumptions are established.
Core Features & Use Cases
- Correlate cross-source artifacts using shared identifiers (PID, logon ID, GUID, message ID, hostname, IP).
- Build a compact, defendable timeline that highlights the decisive steps from initial access to persistence or exfiltration.
- Preserve both raw artifacts and parsed summaries to ensure traceability and auditability.
- Use Case: Investigate a multi-faceted compromise by turning scattered evidence into an ordered sequence of attacker actions.
Quick Start
Provide a cross-artifact dataset (EVTX, PCAP, registry, memory) after sandbox assumptions are set, and have the skill reconstruct a replayable incident timeline.
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below into Claude Code.
Please help me install this Skill:
Name: competition-forensic-timeline
Download link: https://github.com/xjtu-wang/DigAgent/archive/main.zip#competition-forensic-timeline
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.