MCP.so
登录

Unified Memory Forensics MCP Server

@x746b

关于 Unified Memory Forensics MCP Server

Unified Memory Forensics MCP Server - Multi-tier engine combining Rust speed with Vol3 coverage.

基本信息

分类

记忆与知识

许可证

MIT

运行时

rust

传输方式

stdio

发布者

x746b

提交者

xtk

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "mem-forensics-mcp": {
      "command": "uv",
      "args": [
        "run",
        "--directory",
        "/opt/mem_forensics-mcp",
        "python",
        "-m",
        "mem_forensics_mcp.server"
      ],
      "env": {
        "VOLATILITY3_PATH": "/opt/volatility3"
      }
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is Unified Memory Forensics MCP Server?

A three-tier memory forensics engine that combines the speed of a Rust-based backend (memoxide) with the coverage of the Volatility3 framework. It is designed for digital forensics and incident response (DFIR) professionals analyzing memory dumps.

How to use Unified Memory Forensics MCP Server?

Install via uv pip install mem-forensics-mcp or from source with uv sync --extra full. Add to Claude CLI using claude mcp add mem-forensics-mcp. Invoke tools like memory_analyze_image, memory_full_triage, or memory_run_plugin with an image path.

Key features of Unified Memory Forensics MCP Server

  • Three-tier automatic routing: Rust, Python, Volatility3
  • Fast pslist, psscan, cmdline, dlllist, malfind, netscan, and more
  • Automated anomaly detection (DKOM, C2, injected code)
  • Credential extraction and YARA scanning
  • VirusTotal threat intelligence integration
  • Prebuilt Rust binaries for Linux aarch64 and x86_64

Use cases of Unified Memory Forensics MCP Server

  • Analyze a Windows memory dump for suspicious processes and injected code
  • Run full triage with risk scoring and correlation of findings
  • Drill down into specific processes or plugins (e.g., malfind, filescan)
  • Extract credentials, network connections, and command history
  • Integrate with VirusTotal to enrich indicators of compromise

FAQ from Unified Memory Forensics MCP Server

What runtime does it require?

Python 3.10+ and the uv package manager. Rust is optional (prebuilt binaries provided for Linux aarch64 and x86_64).

How does it handle Volatility3?

If Volatility3 is installed at /opt/volatility3 it is auto-detected; otherwise set VOLATILITY3_PATH environment variable.

Where do the memory analysis results live?

Results are returned as JSON during tool calls; no persistent storage is mentioned.

What are the known limitations?

The README does not mention explicit limitations. The tiered architecture routes slow Vol3 plugins to Tier 3 automatically.

What transports or authentication does it use?

The server uses the Model Context Protocol (MCP) over stdio. No authentication mechanism is described.

评论

记忆与知识 分类下的更多 MCP 服务器