volatility3-mcp
Volatility3 MCP Server integrates the Volatility3 memory forensics framework with MCP clients, providing a natural language interface for memory analysis and malware detection. It supports both Windows and Linux memory dumps and aims to make memory forensics accessible to non-experts.
initialize_memory_file
Set up memory dump files for analysis
detect_os
Identify the operating system of a memory dump
list_plugins
Show all available Volatility3 plugins
get_plugin_info
Get detailed information about a specific plugin
run_plugin
Execute any Volatility3 plugin with custom parameters
get_processes
List all running processes in the memory dump
get_network_connections
View all network connections in the system
list_process_open_handles
Check the files and resources accessed by a process
scan_with_yara
Scan memory for malicious patterns using YARA rules