| name | digital-forensics |
| description | Digital forensics and malware analysis for evidence collection and investigation |
| sasmp_version | 1.3.0 |
| production_grade | true |
| last_updated | 2025-01-01 |
| bonded_agent | forensics-analyst |
| bond_type | PRIMARY_BOND |
| bond_strength | 1 |
Digital Forensics Skill
Purpose: Investigation and evidence analysis.
Operations Overview
| Operation | Input | Output |
| acquire_evidence | source, type | path, hashes, custody |
| analyze_disk | image_path | artifacts, timeline |
| analyze_memory | dump_path | processes, malware |
| analyze_malware | sample_path | classification, iocs |
| extract_iocs | evidence | iocs, stix |
Chain of Custody Protocol
Evidence → Hash → Document → Copy → Verify → Analyze
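The Hash, Document, Copy and Verify steps of this protocol, as an added example that is not the skill's own code. The function name `acquire_evidence` and the error codes come from this page; the choice of SHA-256, the custody record fields, the `.custody.json` file name and the sample data are assumptions.

```python
import hashlib, json, shutil, tempfile
from datetime import datetime, timezone
from pathlib import Path

class EvidenceError(Exception):
    def __init__(self, code, detail):  # code: a name from the Troubleshooting tree
        super().__init__(f"{code}: {detail}")
        self.code = code

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large images never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_copy(path, expected):
    """Re-hash a working copy; a mismatch means re-acquire or document."""
    actual = sha256_file(path)
    if actual != expected:
        raise EvidenceError("E_HASH_MISMATCH", f"{path}: got {actual}")
    return True

def acquire_evidence(source, dest_dir, examiner):
    """Hash -> Document -> Copy -> Verify. SHA-256 and record fields are assumptions."""
    source, dest_dir = Path(source), Path(dest_dir)
    if not source.is_file():
        raise EvidenceError("E_FILE_NOT_FOUND", str(source))
    record = {"source": str(source), "sha256": sha256_file(source), "examiner": examiner,
              "acquired_utc": datetime.now(timezone.utc).isoformat()}
    dest_dir.mkdir(parents=True, exist_ok=True)
    working = dest_dir / source.name
    shutil.copyfile(source, working)
    verify_copy(working, record["sha256"])  # verify before anyone analyzes the copy
    record["path"] = str(working)
    working.with_name(source.name + ".custody.json").write_text(json.dumps(record, indent=2))
    return record

def demo():  # constructed input: a fake image, then an altered working copy
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "disk.img"
        src.write_bytes(b"constructed sample evidence\n" * 1000)
        rec = acquire_evidence(src, Path(tmp) / "case001", "analyst-a")
        Path(rec["path"]).write_bytes(b"altered")
        try:
            verify_copy(rec["path"], rec["sha256"])
            return rec, None
        except EvidenceError as err:
            return rec, err.code
```

Calling `verify_copy` with the recorded hash before each analysis step is what turns a silent change to the working copy into an explicit `E_HASH_MISMATCH`.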
Key Artifacts
| OS | Artifact | Location |
| Windows | Prefetch | C:\Windows\Prefetch |
| Windows | Registry | NTUSER.DAT |
| Linux | auth.log | /var/log |
Troubleshooting
Analysis Failed
│
├─► E_HASH_MISMATCH → Re-acquire or document
├─► E_EVIDENCE_CORRUPTED → Partial recovery
└─► E_FILE_NOT_FOUND → Verify path
Version History
| Version | Date | Changes |
| 2.0.0 | 2025-01-01 | Production-grade upgrade |
| 1.0.0 | 2024-12-29 | Initial release |