# osquery Forensics & Incident Response

## Overview

osquery transforms operating systems into queryable relational databases, enabling security analysts to investigate compromises using SQL rather than traditional CLI tools. This skill provides forensic investigation workflows, common detection queries, and incident response patterns for rapid evidence collection across Linux, macOS, and Windows endpoints.

Core capabilities:

- SQL-based system interrogation for process, network, file, and user analysis
- Cross-platform forensic artifact collection (Linux, macOS, Windows)
- Live system analysis wi…
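As an added example (not part of this skill's own query set), here is a detection query of the kind the capabilities above describe: it joins osquery's standard `processes`, `process_open_sockets`, `users` and `hash` tables to list every process holding an outbound TCP connection, with its owner and binary hash, and flags binaries that have been deleted from disk since the process started. The loopback filter values are an assumption for a typical host and should be widened to the host's own address ranges.

```sql
-- Added example (not from the skill): outbound TCP connections mapped to
-- the owning process, its user and the SHA-256 of its on-disk binary.
-- All tables and columns are osquery's standard schema.
SELECT
  p.pid,
  p.parent,
  p.name,
  p.path,
  p.cmdline,
  u.username,
  s.local_port,
  s.remote_address,
  s.remote_port,
  h.sha256,
  -- on_disk = 0 means the executable was removed after launch, a common
  -- trait of a dropper that cleaned up after itself; worth triaging first.
  CASE p.on_disk WHEN 0 THEN 'BINARY_DELETED' ELSE 'ok' END AS disk_status
FROM process_open_sockets AS s
JOIN processes AS p ON p.pid = s.pid
LEFT JOIN users AS u ON u.uid = p.uid
-- The hash table needs a path constraint; the join on p.path supplies it.
LEFT JOIN hash AS h ON h.path = p.path
WHERE s.protocol = 6                 -- TCP on every platform
  AND s.remote_port != 0             -- a real peer, not a listening socket
  -- Assumed loopback filter; extend with the host's own address ranges.
  AND s.remote_address NOT IN ('127.0.0.1', '::1', '0.0.0.0', '::')
ORDER BY disk_status, p.pid;
```

Run it with `osqueryi` for a live triage or schedule it in `osqueryd` to get a periodic snapshot that can be diffed against a known-good baseline.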