SIFTAgent
An MCP server that transforms Claude Code into an autonomous DFIR analyst by providing typed, audited forensic tools for disk, memory, timeline, registry, and IOC analysis on the SANS SIFT Workstation.
README
SIFTAgent
A typed, audited MCP server that turns Claude Code into an autonomous DFIR analyst on the SANS SIFT Workstation.
Built for the SANS FIND EVIL! hackathon. SIFTAgent is the Custom MCP Server architecture — the approach the hackathon's own materials call "the most architecturally sound" — designed specifically to beat Protocol SIFT's hallucination baseline.
Why this design wins on the judging criteria
| Criterion | How SIFTAgent addresses it |
|---|---|
| Autonomous execution quality | A playbook (playbooks/INVESTIGATION.md) drives a hypothesize → run → verify → self-correct loop. The agent retracts unsupported findings instead of asserting them. |
| IR accuracy | Findings cannot be recorded without citing real execution_ids that exist in the audit log — fabricated evidence is rejected at the API. Confidence levels separate confirmed from inferred. |
| Breadth & depth | Typed tools across disk (Sleuth Kit), memory (Volatility 3), timeline (plaso), registry (RegRipper), strings/IOCs, YARA, hashing. |
| Constraint implementation | Architectural, not prompt-based guardrails: a binary allowlist of read-only forensic tools, no shell=True anywhere, no generic "run command" path, write-flag rejection. Evidence cannot be modified. |
| Audit trail quality | Append-only JSONL log; every execution has a timestamp, exact argv, runtime, and SHA-256 output hash. Any finding links back to a specific tool execution. |
| Usability | One-command install, mock mode for offline testing, full test suite. |
Architecture
See docs/ARCHITECTURE.md (diagram + security boundaries). In short:
Claude Code ──MCP(stdio)──► SIFTAgent server
│
┌─────────────────────┼───────────────────────┐
▼ ▼ ▼
runner.py (guardrails) case.py (findings) iocs.py (parsing)
binary allowlist evidence-cited pure python
no shell, read-only verify/retract
│ │
▼ ▼
SIFT binaries ───────► audit.jsonl (timestamped, hashed)
(tsk, vol3, plaso, ▲
regripper, yara) │
incident-report.md (cites execution_ids)
Install on the SIFT Workstation
# On the SANS SIFT Workstation (Ubuntu-based; sleuthkit, volatility3,
# plaso, regripper, yara are pre-installed):
git clone <your-repo-url> siftagent && cd siftagent
python3 -m pip install -r requirements.txt # installs the `mcp` SDK
Connect to Claude Code
Add to your Claude Code MCP config (~/.claude.json or project .mcp.json):
{
"mcpServers": {
"siftagent": {
"command": "python3",
"args": ["-m", "siftagent.server"],
"cwd": "/home/sansforensics/siftagent",
"env": { "SIFTAGENT_LOG_DIR": "/cases/host01/logs" }
}
}
}
Then in Claude Code, paste playbooks/INVESTIGATION.md as your system steer (or
reference it) and say: "Investigate /cases/host01.E01 and /cases/host01.mem."
Run an investigation
Live (on SIFT):
export SIFTAGENT_LOG_DIR=/cases/host01/logs
# Claude Code drives the MCP tools per the playbook.
Offline / mock mode (Windows, macOS, CI — no SIFT needed):
SIFTAGENT_MODE=mock python -m siftagent.investigate
# Prints an evidence-cited incident report from synthetic fixtures.
SIFTAGENT_MODE=mock serves canned tool output from siftagent/fixtures/, so
the whole agent loop is reproducible without a disk image. Setting
SIFTAGENT_ALLOW_MOCK_FALLBACK=1 falls back to fixtures only when a binary is
absent — useful for partial environments.
Tools exposed
Case layer: open_case, add_hypothesis, update_hypothesis, add_finding,
verify_finding, retract_finding, generate_report, get_audit_entry.
Forensics: disk_partitions, disk_fs_info, disk_list_files,
disk_file_metadata, disk_read_file, timeline_bodyfile, timeline_plaso,
timeline_query, memory_analyze, registry_analyze, extract_strings,
extract_iocs, hash_file, file_type, yara_scan.
Tests
python -m pytest -q # 18 tests, all offline via fixtures
Covers guardrail enforcement, anti-hallucination citation checks, IOC parsing, and the full investigation pipeline including a self-correction/retraction case.
License
Apache-2.0. See LICENSE.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.