Sift MCP (Docker edition)

Enables digital forensics investigation by exposing SANS SIFT tools (The Sleuth Kit, Volatility 3, Plaso, etc.) as callable MCP tools, running in a self-contained Docker container with safe, allowlisted commands.

→ FornixII/SiftDockerMCP · listed on glama

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

✅

19 tools verified — handlers match their declared behaviour

14 read-only tools verified — handlers contain no write/delete/exec

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configSIFT_PORT

configSIFT_EVIDENCE_ROOT

configSIFT_OUTPUT_ROOT

configSIFT_TIMEOUT— 600 Default per-command timeout (s)

configSIFT_MAX_OUTPUT_CHARS— 60000 Output truncation limit

configSIFT_HOST

configSIFT_TRANSPORT

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 5 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/fornixii-siftdockermcp-wdp7zi)](https://m8ven.ai/mcp/fornixii-siftdockermcp-wdp7zi)

commit: 60c0b605d705fc51538c155d060d6120d7cf8fd6

code hash: 489259df7ebc2815b3ba9faec33aeaa55277d1c4ecbc56fe5d1e731b749b6e55

verified: 6/18/2026, 11:20:32 AM

view raw JSON →