windows-analysis
Community
Streamline Windows DFIR investigations with targeted Velociraptor analysis.
Product & Management
Tags: #investigation #incident response #windows #forensics #velociraptor #digital forensics #artifact collection
Author: mgreen27
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill simplifies the workflow for analyzing Windows systems by enabling targeted artifact collection and investigation using Velociraptor.
Core Features & Use Cases
- Investigation Workflow: Guides analysts through collecting and reviewing Windows event logs, registry data, and file activity artifacts.
- Targeted Data Collection: Allows focused retrieval of suspicious processes, execution traces, or persistence mechanisms on Windows hosts.
- Use Case: An investigator suspects malicious activity on a Windows machine and runs a Velociraptor-based query to identify malicious binaries, then records the hashes and metadata for further analysis.
Quick Start
Run Windows analysis artifacts against a Velociraptor client to identify suspicious artifacts or collect specific evidence.
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: windows-analysis Download link: https://github.com/mgreen27/dfir-skills/archive/main.zip#windows-analysis Please download this .zip file, extract it, and install it in the .claude/skills/ directory.