E01 LNK MCP Server for Digital Forensics

Enables digital forensic analysis of Windows shortcut (LNK) files from E01 disk images. Supports automatic partition detection, LNK file extraction, metadata parsing, and timeline analysis through MCP-compatible agents.


README

An MCP (Model Context Protocol) server that analyzes E01 disk images to extract and parse Windows shortcut (LNK) artifacts. It can be paired with any MCP-capable agent to carry out the analysis.

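✨ Key Features

  • High-entropy issue resolved: uses pyewf to handle compressed E01 containers correctly.
  • Automatic partition detection: analyzes MBR/GPT partitions to locate the NTFS file system automatically.
  • Five analysis tools:
    1. scan_lnk_in_e01: search for all LNK files
    2. extract_lnk_by_inode: extract a specific LNK file
    3. parse_lnk: detailed parsing of LNK metadata
    4. auto_extract_and_parse_lnk: automated search + extraction + parsing (DFIR summary)
    5. extract_lnk_timeline: timeline analysis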
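
To show the kind of metadata that LNK parsing and timeline analysis work from, the following added example (not the project's own code) parses the fixed 76-byte ShellLinkHeader defined in MS-SHLLINK and orders the target file's timestamps. The function names and the sample header bytes are constructed for this illustration.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Fixed 76-byte ShellLinkHeader, field layout per the MS-SHLLINK specification.
HEADER = struct.Struct("<I16sII3QIiIHHII")
LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TIME_KEYS = ("target_created", "target_accessed", "target_modified")

def filetime_to_dt(ft):
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC; 0 means not set."""
    try:
        return FILETIME_EPOCH + timedelta(microseconds=ft // 10) if ft else None
    except OverflowError:  # out-of-range value in a corrupt or crafted file
        return None

def dt_to_filetime(dt):
    """Inverse conversion, used here only to build the sample header."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def parse_lnk_header(data):
    """Validate the LNK signature and return the target file's metadata."""
    if len(data) < HEADER.size:
        raise ValueError("truncated: shorter than the 76-byte header")
    (size, clsid, flags, attrs, ctime, atime, wtime, fsize,
     _icon, _show, _hotkey, _r1, _r2, _r3) = HEADER.unpack_from(data)
    if size != 0x4C or uuid.UUID(bytes_le=clsid) != LNK_CLSID:
        raise ValueError("not a shell link: bad HeaderSize or LinkCLSID")
    times = dict(zip(TIME_KEYS, map(filetime_to_dt, (ctime, atime, wtime))))
    return {"link_flags": flags, "file_attributes": attrs,
            "target_size": fsize, **times}

def timeline(parsed):
    """Chronological (timestamp, field) pairs, skipping unset timestamps."""
    return sorted((parsed[k], k) for k in TIME_KEYS if parsed[k] is not None)

def build_sample():
    """Constructed header: modified precedes created, as after a file copy."""
    created = datetime(2024, 1, 15, 8, 30, tzinfo=timezone.utc)
    modified = datetime(2024, 1, 14, 22, 5, tzinfo=timezone.utc)
    return HEADER.pack(0x4C, LNK_CLSID.bytes_le, 0x9B, 0x20,
                       dt_to_filetime(created), 0, dt_to_filetime(modified),
                       4096, 0, 1, 0, 0, 0, 0)

if __name__ == "__main__":
    for when, field in timeline(parse_lnk_header(build_sample())):
        print(when.isoformat(), field)
```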

Installation (Windows)

This project is optimized for Python 3.12. Using uv is recommended for dependency management.

1. Create a Python 3.12 virtual environment

uv python install 3.12
uv venv .venv --python 3.12
.venv\Scripts\activate

2. Install dependencies

For pytsk3 and libewf compatibility, be sure to install with the command below.

uv pip install -r requirements.txt

🚀 Usage (Claude Desktop)

Add the configuration below to your claude_desktop_config.json file. (Adjust the paths to match your own installation location.)

{
  "mcpServers": {
    "lnk-forensics": {
      "command": "C:\\Path\\To\\Your\\.venv\\Scripts\\python.exe",
      "args": [
        "C:\\Path\\To\\Your\\e01_lnk_mcp_server.py"
      ]
    }
  }
}

⚠️ Notes

Python version: the pytsk3 wheel file specified in requirements.txt is for Python 3.12 only. If you use a different version, replace it with the .whl link that matches that version.
