Digital Forensics Pro
Acquire it correctly. Document every step.
Imaging with chain of custody, mobile extraction (iOS + Android), live and memory triage, browser and registry artifacts, malware triage, media authentication, IoT and vehicle infotainment. Plus the standard DFIR toolchain.
2026.6 edition · revised continuously
What this bundle gives the agent that ChatGPT alone won't.
High-level summary, no protocol
Says 'use a forensic imaging tool' and lists names. Doesn't walk through write-blocking, hashing, or documentation.
Evidence-grade imaging workflow
Runs evidence-acquisition-workflow → write-blocker-and-hashing-protocol → disk-imaging-with-chain-of-custody → autopsy-investigation-workflow for analysis. Produces a hash-verified image and a complete custody log.
Every skill in this bundle.
All 54 skills, grouped by category. Every skill ships as a full folder — SKILL.md plus runnable scripts, legal references, and field checklists.
Digital forensics — acquisition
8 skills- 068Evidence Acquisition Workflow
- 069Disk Imaging With Chain of Custody
- 070Write Blocker and Hashing Protocol
- 071Memory Acquisition and Analysis
- 072Mobile Extraction IOS
- 073Mobile Extraction ANDROID
- 074Cloud Evidence Preservation
- 075Live System Triage
Digital forensics — analysis
15 skills- 076Browser Artifact Analysis
- 077Email Header Forensics
- 078Windows Registry Forensics
- 079Macos System Forensics
- 080Linux System Forensics
- 081File Carving and Recovery
- 082Timeline Reconstruction
- 083Log Correlation Multi Source
- 084Pcap and Network Forensics
- 085Malware Triage Static
- 086Malware Triage Dynamic
- 087Ransomware Incident Triage
- 088Document Forensics Pdf
- 089Document Forensics Office
- 090USB and Removable Media Forensics
Digital forensics — media authentication
8 skills- 091Steganography Detection
- 092Deepfake and Synthetic Media Detection
- 093Audio Authentication
- 094Video Forensics Frame Analysis
- 095Image Manipulation Detection
- 096IOT Device Forensics
- 097Vehicle Infotainment Forensics
- 645Generative AI Content Detection
IoT / smart device specific
11 skills- 566Apple Watch and Wearable Forensics
- 567Fitbit and Garmin Data Investigation
- 568Ring and Doorbell Camera Investigation
- 569Nest and Thermostat Data Investigation
- 570Alexa Echo Investigation
- 571Google Home Investigation
- 572SMART TV Investigation
- 573SMART Lock and Access Control Investigation
- 574Connected Car Infotainment Deep
- 575Vehicle EDR Airbag Control Module Extraction
- 653Drone and Uas Forensics
DFIR tools
12 skills- 576Autopsy Investigation Workflow
- 577FTK and FTK Imager Workflow
- 578Encase Investigation Workflow
- 579X Ways Forensics Workflow
- 580Magnet Axiom Workflow
- 581Cellebrite UFED Workflow
- 582Graykey and IOS Extraction Workflow
- 583Volatility Memory Analysis
- 584Plaso Log2timeline Workflow
- 585KAPE Collection Workflow
- 586Velociraptor Investigation Workflow
- 587Wireshark and Zeek Investigative Use
Skills that stay current.
Buy Digital Forensics Pro once to own it, frozen at this edition. Add the Update Subscription ($10/mo) and every revision to everything you own lands on your machine as we ship it — new case law, new platforms, new tactics. Cancel anytime; downloads stay yours.
How it worksGive the agent real tools.
36 pre-vetted MCP servers (Maigret, Shodan, Wayback, EdgarTools, Etherscan, Volatility, +30 more) wired into Claude Code / Desktop / Cursor / Windsurf so your agent actually runs the tools — not just suggests them.
What's in the toolkitRun agents in parallel.
Orchestrator.md — one file that makes an advanced LLM automatically spin up multiple agents at once (people, businesses, case-facts review, report writing) and merge them into one case file. Free with the all-bundle package, or $100 on its own.
See the example