SOLVE-IT MCP Server Documentation
Welcome to the comprehensive documentation for the SOLVE-IT MCP Server - a production-ready Model Context Protocol server providing LLM access to the SOLVE-IT Digital Forensics Knowledge Base.
What is SOLVE-IT MCP Server?
SOLVE-IT MCP Server is a production-ready implementation that exposes the entire SOLVE-IT digital forensics knowledge base through 20+ specialized tools. It enables Large Language Models (LLMs) to assist with digital forensics investigations by providing programmatic access to:
- Techniques (T1001, T1002...): Digital forensic investigation methods
- Weaknesses (W1001, W1002...): Potential problems/limitations of techniques
- Mitigations (M1001, M1002...): Ways to address weaknesses
- Objectives: Categories that organize techniques by investigation goals
Quick Navigation
Getting Started
- Quick Start Guide: Get up and running in 5 minutes with Docker or Python
- For Forensic Analysts: Practical guide for digital forensics professionals
- For Researchers: Academic usage, citation, and reproducibility guidelines
- Troubleshooting: Common issues and solutions
Deployment
- Docker Deployment: Complete guide for Docker-based deployments
- Kubernetes Deployment: Production Kubernetes setup with Helm charts
Reference Documentation
- Tools Overview: Complete reference for all 20+ MCP tools
Architecture & Development
- Architecture Overview: System design and components
- Security Model: Multi-layer security architecture
- Implementation Details: Technical implementation deep-dive
- Testing Guide: Local and multi-arch testing
Key Features
- Production-Ready Security: Alpine Linux base with zero CVEs, comprehensive security scanning
- Multi-Platform Support: Native images for AMD64, ARM64, and ARMv7 (Raspberry Pi)
- OpenTelemetry Observability: Built-in metrics, tracing, and logging
- High Performance: Optimized shared knowledge base, sub-second response times
- Dual Transport Modes: HTTP/SSE for Kubernetes, stdio for desktop clients
- Minimal Footprint: 60MB Alpine-based image (highly optimized)
- Kubernetes Native: Production-grade Helm charts with health checks and auto-scaling
About SOLVE-IT
SOLVE-IT (Standardized Framework for Investigation and Law Enforcement Operations in Technology) is a systematic digital forensics knowledge base inspired by MITRE ATT&CK. It provides comprehensive mappings of investigation techniques, their weaknesses, and mitigations.
Learn more: SOLVE-IT-DF/solve-it on GitHub
Project Links
- GitHub Repository: 3soos3/solve-it-mcp
- Docker Hub: 3soos3/solve-it-mcp
- GitHub Container Registry: ghcr.io/3soos3/solve-it-mcp
- Security Policy: SECURITY.md
- Issue Tracker: GitHub Issues
License & Citation
This project is licensed under the MIT License. If you use this software in forensic investigations or research, please cite it:
@software{solve_it_mcp,
  author = {3soos3},
  title = {SOLVE-IT MCP Server},
  doi = {10.5281/zenodo.XXXXXXX},
  url = {https://github.com/3soos3/solve-it-mcp}
}
See the For Researchers guide for detailed citation information.
Need Help?
- Documentation Issues: Check the Troubleshooting Guide
- Bug Reports: Open an issue on GitHub
- Security Vulnerabilities: See SECURITY.md
- General Questions: Start a discussion