{"slug":"x746b/mem_forensics-mcp","name":"Memory Forensics MCP Server","description":"Unified Memory Forensics MCP Server - Multi-tier engine combining Rust speed with Vol3 coverage.","category":"other","tags":[],"official":false,"stars":4,"transport":"stdio","install":[{"cmd":"pip install mem-forensics-mcp","imports":[]}],"tools":[{"name":"memory_analyze_image","description":"Initialize image, auto-detect profile"},{"name":"memory_run_plugin","description":"Run any plugin (Rust or Vol3)"},{"name":"memory_list_plugins","description":"List available plugins"},{"name":"memory_list_sessions","description":"List active sessions"},{"name":"memory_get_status","description":"Show engine status"},{"name":"memory_full_triage","description":"Complete automated investigation"},{"name":"memory_hunt_process_anomalies","description":"DKOM detection, parent-child validation"},{"name":"memory_get_process_tree","description":"Process tree with suspicious highlighting"},{"name":"memory_find_injected_code","description":"Code injection + YARA scanning"},{"name":"memory_find_c2_connections","description":"Network C2 detection"},{"name":"memory_get_command_history","description":"Command recovery + classification"},{"name":"memory_extract_credentials","description":"Hash/secret extraction via Vol3"},{"name":"memory_dump_process","description":"Process info and loaded DLLs"},{"name":"memory_dump_vad","description":"Examine memory region details"},{"name":"memory_list_dumpable_files","description":"List cached files"},{"name":"vt_lookup_hash","description":"VirusTotal hash lookup"},{"name":"vt_lookup_ip","description":"VirusTotal IP reputation"},{"name":"vt_lookup_domain","description":"VirusTotal domain reputation"},{"name":"vt_lookup_file","description":"Hash file + VT lookup"}],"env_vars":[],"auth_type":"none","github":"https://github.com/x746b/mem_forensics-mcp","homepage":"","server_url":"","status":"active","source":"mcpservers.org","updated_at":"Thu May 28"}