Volatility3 MCP Server
Perform advanced memory forensics analysis using Volatility3 via a conversational interface. Requires user-specified memory dump files.
Install
pip install -r
Tools · 9
- initialize_memory_file: Set up a memory dump file for analysis
- detect_os: Identify the operating system of the memory dump
- list_plugins: Display all available Volatility3 plugins
- get_plugin_info: Get detailed information about a specific plugin
- run_plugin: Execute any Volatility3 plugin with custom arguments
- get_processes: List all running processes in the memory dump
- get_network_connections: View all network connections from the system
- list_process_open_handles: Examine files and resources accessed by a process
- scan_with_yara: Scan memory for malicious patterns using YARA rules
Links
★ 17 GitHub stars