forensics-osquery

Description

SQL-powered forensic investigation and system interrogation using osquery to query operating systems as relational databases. Enables rapid evidence collection, threat hunting, and incident response across Linux, macOS, and Windows endpoints. Use when: (1) Investigating security incidents and collecting forensic artifacts, (2) Threat hunting across endpoints for suspicious activity, (3) Analyzing running processes, network connections, and persistence mechanisms, (4) Collecting system state during incident response, (5) Querying file hashes, user activity, and system configuration for compromise indicators, (6) Building detection queries for continuous monitoring with osqueryd.

Tool Access

Full access

Inherits all available tools

Supporting Files

9 files

Additional assets for this skill

Tool Access

This skill inherits all available tools. When active, it can use any tool Claude has access to.

Supporting Assets

assets/forensic-packs/credential-access.conf

assets/forensic-packs/ir-triage.conf

assets/forensic-packs/lateral-movement.conf

assets/forensic-packs/persistence-hunt.conf

assets/osquery.conf

references/mitre-attack-queries.md

references/osqueryd-deployment.md

references/platform-differences.md

references/table-guide.md

Links

GitHub Stats

0 forks

Updated 22 days ago

Related Skills

bash-defensive-patterns

22.8K

Master defensive Bash programming techniques for production-grade scripts. Use when writing robust shell scripts, CI/CD pipelines, or system utilities requiring fault tolerance and safety.

From shell-scripting

bats-testing-patterns

22.8K

Master Bash Automated Testing System (Bats) for comprehensive shell script testing. Use when writing tests for shell scripts, CI/CD pipelines, or requiring test-driven development of shell utilities.

From shell-scripting

shellcheck-configuration

22.8K

Master ShellCheck static analysis configuration and usage for shell script quality. Use when setting up linting infrastructure, fixing code issues, or ensuring script portability.

From shell-scripting