Forensics Server

v1.1.0

A powerful MCP server built with NitroStack

Connection Setup

Add via Cursor Settings UI (Settings > Features > MCP > Add New MCP Server):

{
  "mcpServers": {
    // your other mcp servers
    "forensics-server": {
      "url": "https://forensics-6a5ab163-nexora-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp"
    }
  }
}

Connect remote tools directly via Claude's Web UI:

Add custom connector BETA
Connect Claude to your data and tools. Learn more about connectors or get started with pre-built ones.
Advanced settings
Only use connectors from developers you trust. Anthropic does not control which tools developers make available and cannot verify that they will work as intended or that they won't change.

Configure custom tools directly via ChatGPT's Web UI:

New App
PNG only. Best results at 256 x 256 px or larger. Max file size: 10 KB
Custom MCP servers introduce risk. Learn more
OpenAI hasn't reviewed this MCP server. Attackers may attempt to steal your data or trick the model into taking unintended actions, including destroying data.

Add the following configuration block under mcpServers in your Antigravity configuration file (~/.gemini/config/mcp_config.json):

{
  "mcpServers": {
    // your other mcp servers
    "forensics-server": {
      "serverUrl": "https://forensics-6a5ab163-nexora-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp"
    }
  }
}

Add the following configuration block to your Codex configuration file (~/.codex/config.toml):

[mcp_servers.forensics-server]
url = "https://forensics-6a5ab163-nexora-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp"

Connect directly using the Server-Sent Events endpoint:

https://forensics-6a5ab163-nexora-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp
Available Tools
extract-metadata

Extract metadata from a file using exiftool, compute SHA256 hash, and check for MIME type mismatch

extract-strings

Extract readable strings from a file and scan for suspicious patterns (IPs, URLs, keywords)

analyze-binary-sections

Run objdump -h for section headers (name, size, VMA) and objdump -d --no-show-raw-insn for disassembly (first 200 lines) on a binary file

check-threat-intel

Check file hash reputation against threat intelligence databases

windows-image-info

Get OS and memory-image metadata from a Windows memory dump via Docker forensic-vol (windows.info). Call first when analyzing a dump.

windows-pslist

List processes from a Windows memory dump via Docker forensic-vol (windows.pslist: PID, PPID, name, etc.).

windows-cmdline

Extract process command lines from a Windows memory dump via Docker forensic-vol (windows.cmdline).

windows-registry-hivelist

List registry hives in a Windows memory dump via Docker forensic-vol (windows.registry.hivelist).