disk-forensics
CommunityForensic disk analysis to uncover artifacts.
AuthorSherifEldeeb
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Analyze disk images and file systems for forensic investigations. This skill helps investigators uncover artifacts, recover deleted data, and build a comprehensive storage-media timeline during incident response.
Core Features & Use Cases
- Disk Image Acquisition: Create forensically sound disk images with integrity verification.
- File System Analysis: Parse and analyze NTFS, FAT, EXT, HFS+, APFS file systems.
- Deleted File Recovery: Recover deleted files using carving and file system metadata.
- MFT Analysis: Inspect NTFS Master File Table for file metadata and timestamps.
- Slack Space Analysis: Examine slack space for hidden or residual data.
- Alternate Data Streams: Detect and extract NTFS ADS content.
- File Signature Analysis: Verify file signatures and detect mismatched extensions.
- Volume Shadow Copy Analysis: Analyze Windows VSS for previous file versions.
- Partition Analysis: Detect hidden partitions and analyze partition tables.
- Hash Analysis: Compute and verify file hashes and check against known databases.
Quick Start
Use the disk-forensics skill to initialize a DiskAnalyzer with a disk image path, list volumes, recover deleted files, analyze MFT entries, and export reports.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: disk-forensics Download link: https://github.com/SherifEldeeb/agentskills/archive/main.zip#disk-forensics Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.