============================================================
  Available Analysis Workflows
============================================================

  static-analysis-workflow
    Static Properties Analysis
    Systematic static examination of a suspicious file
    without executing it. Works for PE, ELF, .NET,
    scripts, and documents.

  behavioral-analysis-workflow
    Behavioral Analysis
    Monitor runtime behavior in an isolated environment.
    Applicable to any executable or script on Linux
    (REMnux) or Windows.

  network-interception-workflow
    Network Traffic Interception
    Redirect and analyze malware network traffic in an
    isolated REMnux environment. Covers DNS, HTTP,
    HTTPS, and raw IP interception.

  document-analysis-workflow
    Malicious Document Analysis
    Analyze suspicious documents (PDF, Office, RTF,
    OneNote) for embedded malware, macros, and exploits.
    Follows Zeltser's 6-step methodology.

  javascript-deobfuscation-workflow
    JavaScript Deobfuscation
    Deobfuscate and analyze malicious JavaScript from
    web pages, email attachments, or document macros.

  unpacking-workflow
    Unpacking Packed Executables
    Unpack compressed, encrypted, or obfuscated
    executables to reveal the original code. Covers
    automated and manual techniques.

  code-injection-workflow
    Code Injection Analysis
    Identify and analyze process injection techniques
    including DLL injection, process hollowing, and
    reflective loading.

  dotnet-analysis-workflow
    .NET Malware Analysis
    Analyze .NET malware using decompilation, debugging,
    and deobfuscation. Works for .NET Framework, .NET
    Core, and mixed-mode assemblies.

  shellcode-analysis-workflow
    Shellcode Analysis
    Analyze extracted shellcode from documents,
    exploits, or injected processes. Covers detection,
    emulation, and payload identification.

  string-deobfuscation-workflow
    String & Data Deobfuscation
    Decode obfuscated strings and data in malware.
    Covers XOR, Base64, stack strings, custom
    algorithms, and multi-layer encoding.

  memory-forensics-workflow
    Memory Forensics
    Analyze memory dumps to find malware artifacts,
    injected code, and hidden processes. Uses Volatility
    3 framework on REMnux.

  android-analysis-workflow
    Android Malware Analysis
    Analyze suspicious Android APK files using static
    and dynamic techniques available in REMnux.

  java-analysis-workflow
    Java Malware Analysis
    Analyze malicious Java archives (JAR), applets, and
    compiled classes. Covers decompilation and code
    analysis.

  email-analysis-workflow
    Email & Phishing Analysis
    Analyze suspicious email messages for phishing
    indicators, malicious attachments, and weaponized
    links.

  cobalt-strike-workflow
    Cobalt Strike Analysis
    Analyze Cobalt Strike beacons, configurations, and
    network traffic using Didier Stevens' CS toolkit on
    REMnux.

────────────────────────────────────────────────────────────
  Usage: fhelp workflow <name>
  Example: fhelp workflow static-analysis
