Investigation Report Generation
Community
Turn triage outputs into an evidence-backed report.
Legal & Compliance
#incident response #dfir #chain of custody #evidence integrity #investigation report #utc timeline #ioc reporting
Author: rjonhaas
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill turns completed DFIR analysis outputs and a finalized Common Operating Picture into a structured written investigation report without guessing or inventing facts.
Core Features & Use Cases
- Evidence-grounded report drafting: Produces timelines, scope reconstruction, and findings only from workflow output files.
- Operational integrity and auditability: Enforces UTC timestamps, chain-of-custody hashes, and citation requirements for every claim.
- Modular section coverage by case type: Conditionally includes sections such as web server triage, C2, credential access, persistence, anti-forensics, ransomware indicators, IOCs, memory/cloud/macOS analysis, and recommendations based on what evidence exists.
Quick Start
Use the investigation-report skill at case closure after the Investigation Section Chief has finalized the COP and completed analysis workflow outputs for the case directory.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: Investigation Report Generation
Download link: https://github.com/rjonhaas/SIFTics/archive/main.zip#investigation-report-generation
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.