Anthropic-Cybersecurity-Skills/skills/performing-endpoint-forensics-investigation/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

API Reference — Performing Endpoint Forensics Investigation

Libraries Used

  • subprocess: Execute Windows forensic commands (wmic, netstat, reg, schtasks). WMIC has been deprecated since Windows 10 21H1 and on Windows 11 24H2 it is an optional feature that is not installed by default; where it is absent, the same Win32_Process data is available through PowerShell's Get-CimInstance Win32_Process.
  • hashlib: Calculate MD5, SHA1 and SHA256 hashes for evidence integrity. Record SHA256 as the integrity value; MD5 and SHA1 are collision-prone and are only worth keeping to match older IOC lists.
  • csv: Parse WMIC /format:csv output. WMIC prepends a blank line and a Node column and emits the requested properties in alphabetical order, so read fields by header name rather than by position.
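How the raw output of the processes and network commands is turned into something an analyst can act on, as an added example that is not the project's agent.py: it parses the text WMIC /format:csv and netstat -ano produce, joins the two on PID, and flags established connections to non-internal hosts from processes running out of user-writable paths. Both samples are constructed; parse_wmic_csv, parse_netstat, is_internal and suspicious_connections are names chosen for this example, not functions of the script.

```python
# Added example (not the project's agent.py): parse the text that
# `wmic process get ... /format:csv` and `netstat -ano` emit, then join the
# two on PID. Both samples below are constructed for this example.
import csv
import ipaddress

# Constructed sample of:
#   wmic process get ProcessId,ParentProcessId,Name,CommandLine /format:csv
# WMIC prepends a blank line and a "Node" column and orders the remaining
# columns alphabetically, so fields are looked up by header name, never by
# position. Decode whatever subprocess captures (the line endings are
# irregular) and hand the str here; splitlines() absorbs stray carriage
# returns. The last row has a comma inside CommandLine, which WMIC's CSV
# formatter does not quote: the parser repairs that case.
WMIC_SAMPLE = "\n".join([
    "",
    "Node,CommandLine,Name,ParentProcessId,ProcessId",
    r"HOST01,C:\Windows\system32\svchost.exe -k netsvcs -p,svchost.exe,812,1204",
    r"HOST01,C:\Windows\explorer.exe,explorer.exe,4300,4412",
    r"HOST01,C:\Users\jdoe\AppData\Roaming\update.exe --beacon 203.0.113.7,4444,update.exe,4412,5128",
])

# Constructed sample of `netstat -ano`. UDP rows have no State column.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    10.0.0.5:49700         10.0.0.9:445           ESTABLISHED     4
  TCP    10.0.0.5:49712         203.0.113.7:4444       ESTABLISHED     5128
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1204
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Locations a standard user can write to; a process running from one of these
# that talks to the outside deserves a look first.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def parse_wmic_csv(text):
    """Return {pid: {column: value}} from WMIC /format:csv output."""
    rows = [r for r in csv.reader(text.splitlines()) if r]  # drops blank lines
    header, body = rows[0], rows[1:]
    ci = header.index("CommandLine")
    procs = {}
    for row in body:
        extra = len(row) - len(header)
        if extra > 0:  # unquoted commas in CommandLine split it: glue it back
            row = row[:ci] + [",".join(row[ci:ci + extra + 1])] + row[ci + extra + 1:]
        rec = dict(zip(header, row))
        procs[int(rec["ProcessId"])] = rec
    return procs


def parse_netstat(text):
    """Return a list of connection dicts from `netstat -ano` output."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank lines
        state = parts[3] if len(parts) == 5 else ""
        conns.append({"proto": parts[0], "local": parts[1], "foreign": parts[2],
                      "state": state, "pid": int(parts[-1])})
    return conns


def is_internal(addr):
    """True for loopback, unspecified, link-local, RFC1918 or non-IP endpoints."""
    host = addr.rpartition(":")[0].strip("[]")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # "*:*" (unconnected UDP) or a name: nothing remote to judge
    return (ip.is_loopback or ip.is_unspecified or ip.is_link_local
            or any(ip in net for net in RFC1918))


def suspicious_connections(procs, conns):
    """Established connections to non-internal hosts owned by a process that
    runs from a user-writable path, or whose PID is missing from the process
    list (already exited, or hidden). Returns [(pid, name, foreign)]."""
    findings = []
    for c in conns:
        if c["state"] != "ESTABLISHED" or is_internal(c["foreign"]):
            continue
        proc = procs.get(c["pid"])
        cmd = proc["CommandLine"].lower() if proc else ""
        if proc is None or any(marker in cmd for marker in USER_WRITABLE):
            name = proc["Name"] if proc else "<not in process list>"
            findings.append((c["pid"], name, c["foreign"]))
    return findings


if __name__ == "__main__":
    procs = parse_wmic_csv(WMIC_SAMPLE)
    for pid, name, remote in suspicious_connections(procs, parse_netstat(NETSTAT_SAMPLE)):
        print(f"PID {pid} ({name}) -> {remote}")
```

The PID join is the point: netstat -o attributes a socket to a PID without elevation, and the process list supplies the name, parent and command line that turn a bare PID into a lead. Connections whose PID is absent from the process snapshot are kept as findings rather than dropped, since the two commands do not run atomically and a short-lived process is exactly what an investigator should not lose.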

CLI Interface

python agent.py triage      # Full forensic triage
python agent.py processes   # Running processes with PIDs and command lines
python agent.py network     # Active network connections
python agent.py autoruns    # Persistence entries
python agent.py hash --file <filepath>  # Hash file for evidence

Core Functions

full_triage() — Runs all collection functions

collect_system_info() — Hostname, OS version, network config, uptime

collect_running_processes() — Process list via wmic process get. Command lines of other users' processes are only returned when the script runs elevated; from a standard user's shell those fields come back empty.

collect_network_connections() — Active connections via netstat -ano. The -o column gives the owning PID without elevation (unlike -b, which needs it); join that PID against the process list to attribute each connection.

collect_autoruns() — Registry Run keys and scheduled tasks. Only those two persistence locations are covered; services, WMI event subscriptions, Winlogon entries and the like are not collected. With 32-bit Python on 64-bit Windows, reg.exe resolves to the 32-bit copy under SysWOW64 and reads the redirected WOW6432Node view of HKLM\Software, so use 64-bit Python or pass /reg:64 to reg query.

hash_file(filepath) — MD5/SHA1/SHA256 hash calculation. Read the file in chunks so large evidence files are not loaded into memory, and hash the triage output itself once collection finishes so the record can be verified later.
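An added example (not the project's agent.py) covering collect_autoruns() and hash_file(): it parses reg query output for a Run key, extracts each value's executable, flags system-binary names living outside C:\Windows and entries launched from user-writable paths, and hashes a file with all three algorithms in a single chunked pass. The registry output is constructed; parse_reg_query, executable_path, flag_autoruns and the SYSTEM_NAMES set are this example's own choices, and the hash_file here is a reimplementation, not the script's function.

```python
# Added example (not the project's agent.py): parse `reg query` output for a
# Run key, pull the executable out of each value, flag the entries an analyst
# would open first, and hash a file in one pass for the evidence log. The
# registry output below is constructed for this example.
import hashlib
import re

# Constructed sample of:
#   reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run /reg:64
# reg query prints the key on its own line and each value indented, with
# four-space separators between name, type and data.
REG_SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\jdoe\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Windows Update    REG_SZ    C:\Users\jdoe\AppData\Roaming\Microsoft\svchost.exe -k update
    Discord    REG_EXPAND_SZ    %LOCALAPPDATA%\Discord\Update.exe --processStart Discord.exe
    Backup Agent    REG_SZ    C:\Program Files\Backup Agent\agent.exe /tray

"""

VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# Names of Windows system binaries that malware likes to borrow; the real ones
# live under C:\Windows, so a copy anywhere else is a finding.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
USER_WRITABLE = ("\\appdata\\", "%appdata%", "%localappdata%", "\\temp\\",
                 "\\users\\public\\", "\\programdata\\")


def parse_reg_query(text):
    """Return [(key, name, type, data)] from `reg query` output."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key,) + m.groups())
    return entries


def executable_path(data):
    """Executable portion of a Run value: a quoted path, else everything up to
    and including the first '.exe' (unquoted paths may contain spaces)."""
    if data.startswith('"'):
        return data[1:data.index('"', 1)]
    m = re.search(r"\.exe\b", data, re.IGNORECASE)
    return data[:m.end()] if m else data.split()[0]


def flag_autoruns(entries):
    """[(name, path, reason)] for entries worth pulling as evidence."""
    findings = []
    for _key, name, _type, data in entries:
        path = executable_path(data)
        low = path.lower()
        base = low.rsplit("\\", 1)[-1]
        if base in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
            findings.append((name, path, "system binary name outside C:\\Windows"))
        elif any(marker in low for marker in USER_WRITABLE):
            findings.append((name, path, "runs from a user-writable location"))
    return findings


def hash_file(path, chunk=1 << 20):
    """MD5, SHA1 and SHA256 of a file, read once in chunks. SHA256 is the value
    to record for integrity; MD5/SHA1 are kept only to match older IOC lists."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


if __name__ == "__main__":
    for name, path, reason in flag_autoruns(parse_reg_query(REG_SAMPLE)):
        print(f"{name}: {path}  [{reason}]")
```

Legitimate software such as OneDrive also installs itself under AppData, so the user-writable rule is a triage ordering, not a verdict; the name-impersonation rule is the stronger signal. Hash every flagged binary with hash_file before copying it off the host, and hash the collection output the same way.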

Dependencies

No external packages: uses Windows built-in commands and the Python stdlib. The script is therefore Windows-only and needs an elevated prompt for complete results. Like any live-response tool it also changes the host it examines (it starts processes and leaves execution artifacts behind), so run it from external media and hash its output before doing anything else on the machine.