{"slug":"x746b/winforensics-mcp","name":"winforensics-mcp","description":"A comprehensive MCP server for Windows digital forensics on Kali Linux","category":"other","tags":[],"official":false,"stars":18,"transport":null,"install":[{"cmd":"pip install -e","imports":[]}],"tools":[{"name":"investigate_execution","description":"Correlates Prefetch + Amcache + SRUM to answer 'Was this binary executed?'"},{"name":"investigate_user_activity","description":"Correlates Browser + ShellBags + LNK + RecentDocs to build a user activity timeline"},{"name":"hunt_ioc","description":"Searches for an IOC (hash/filename/IP/domain) across ALL artifact sources, with optional YARA scanning"},{"name":"hunt_ioc_pack","description":"Hunts behavioral IOCs from bundled/external metadata packs such as impacket-iocs"},{"name":"build_timeline","description":"Builds a unified forensic timeline from multiple sources"},{"name":"ingest_parsed_csv","description":"Imports CSV output from Eric Zimmerman tools (MFTECmd, PECmd, AmcacheParser)"}],"env_vars":["VIRUSTOTAL_API_KEY"],"auth_type":"none","github":"https://github.com/x746b/winforensics-mcp","homepage":"","server_url":"","status":"active","source":"mcpservers.org","updated_at":"Thu May 28"}