SAVVYDFIR-MCP

kismatkunwar89/SAVVYDFIR-MCP
★ 1 star · Python · Code/Dev Tools · Updated 2d ago
AI-driven DFIR framework: an MCP server that turns Claude Code into an autonomous digital-forensics analyst on SANS SIFT - correlates disk + memory evidence, enforces a deterministic evidence-provenance gate, and produces auditable, hash-chained investigation reports.

Quick Install

Copy the config for your editor. Some servers may need additional setup — check the README.

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "savvydfir-mcp": {
      "command": "uvx",
      "args": [
        "savvydfir-mcp"
      ]
    }
  }
}

Or install with pip: pip install savvydfir-mcp

README Excerpt

> DFIR MCP server for SIFT Workstation that correlates disk and memory evidence, tracks provenance, and produces investigation reports.

---

> **📌 Judged submission = tag [`v1.1.1`](https://github.com/kismatkunwar89/SAVVYDFIR-MCP/releases/tag/v1.1.1). Latest release = [`v1.2.2`](https://github.com/kismatkunwar89/SAVVYDFIR-MCP/releases/tag/v1.2.2).**

Tools (15)

Uncategorized

artifact_absent, build_timeline, case_id, claude, disk_images, generate_report, incident_date, investigation_goal, known_iocs, max_iterations, memory_dumps, mode, run_analysis, venv

Topics

anthropic, claude, dfir, digital-forensics, forensics, incident-response, mcp, memory-forensics, model-context-protocol, security, sift, threat-hunting