Volatility-MCP-Server
The Volatility MCP Server is designed to streamline memory forensics by allowing investigators to use natural language to interact with memory dumps. It integrates the Volatility 3 framework with MCP-compatible LLMs like Claude, enabling broader accessibility and efficiency in digital investigations.
list_available_plugins
Show all available Volatility plugins
get_image_info
Provide information about memory dump files
run_pstree
Show process hierarchy
run_pslist
List processes in the process list
run_psscan
Scan memory for processes, including possibly hidden ones
run_netscan
Show network connections in a memory dump
run_malfind
Detect potential code injection
run_cmdline
Display the command-line parameters of a process
run_dlllist
List the DLLs loaded by a process
run_handles
Show file handles and other system handles
run_filescan
Scan for file objects in memory
run_memmap
Display memory maps for specific processes
run_custom_plugin
Run any Volatility plugin with custom parameters
list_memory_dumps
Find memory dumps in a directory