← MCP catalog#029 · Digital Forensics
Volatility MCP
memory forensics with Volatility 3
Wraps Volatility 3 to let Claude run memory forensics plugins via natural language. Reportedly 5-10x faster than manual plugin selection and execution for triage.
Cost
Free · no API key
API key
Not required
Slug
volatility-mcp
MCP.md
---
name: volatility-mcp
category: digital-forensics
cost: free
api_key_required: no
repo: https://github.com/bornpresident/Volatility-MCP-Server
paired_skills: ["memory-acquisition-and-analysis"]
capabilities: ["memory-forensics", "malware-triage", "dfir"]
---
# Volatility MCP — memory forensics with Volatility 3
Wraps Volatility 3 to let Claude run memory forensics plugins via natural language. Reportedly 5-10x faster than manual plugin selection and execution for triage.
## Install
```
pip install volatility-mcp-server
```
Requires Volatility 3 installed separately:
```
pip install volatility3
```
## Configuration
```json
{
"mcpServers": {
"volatility": {
"command": "volatility-mcp-server"
}
}
}
```
## What it adds
Claude runs Volatility plugins against a memory dump — `windows.pslist` for running processes, `windows.malfind` for injected code, `linux.bash` for shell history, `windows.netscan` for network connections, `windows.dumpfiles` for file extraction. Converts "which processes were running?" from a manual plugin-by-plugin workflow into a natural-language query.
## Pairs with skills
- 071 `memory-acquisition-and-analysis`
## Cost
Free. Volatility 3 is open source.Pairs with skills
- #071memory-acquisition-and-analysis
This MCP gives your agent the tools to execute the workflow described by these skills — instead of just describing it.
Bundled in the Toolkit
This MCP is one of 36 pre-configured servers in the Investigator's MCP Toolkit. One-command installer, $149 one-time.
Pricing