Memory Forensics MCP Server
Unified Memory Forensics MCP Server - Multi-tier engine combining Rust speed with Vol3 coverage.
Install
pip install mem-forensics-mcp
Tools · 19
- memory_analyze_image Initialize image, auto-detect profile
- memory_run_plugin Run any plugin (Rust or Vol3)
- memory_list_plugins List available plugins
- memory_list_sessions List active sessions
- memory_get_status Show engine status
- memory_full_triage Complete automated investigation
- memory_hunt_process_anomalies DKOM detection, parent-child validation
- memory_get_process_tree Process tree with suspicious highlighting
- memory_find_injected_code Code injection + YARA scanning
- memory_find_c2_connections Network C2 detection
- memory_get_command_history Command recovery + classification
- memory_extract_credentials Hash/secret extraction via Vol3
- memory_dump_process Process info and loaded DLLs
- memory_dump_vad Examine memory region details
- memory_list_dumpable_files List cached files
- vt_lookup_hash VirusTotal hash lookup
- vt_lookup_ip VirusTotal IP reputation
- vt_lookup_domain VirusTotal domain reputation
- vt_lookup_file Hash file + VT lookup
Links
★ 4 GitHub stars