This repository was archived by the owner on Feb 27, 2026. It is now read-only.
Releases: scriptedstatement/windows-triage-mcp
Triage Databases v2025.02
Pre-built Triage Databases
Download these instead of building from source (saves 6-8+ hours).
Contents
| Database | Size | Compressed | Contents |
|---|---|---|---|
| known_good.db | 5.6 GB | 1.1 GB | 2.7M file paths, 8M hashes, 254 OS versions |
| context.db | 2.4 MB | 567 KB | 227 LOLBins, 1983 drivers, 2286 DLLs, 57 process rules |
Quick Install
```bash
cd forensic-triage-mcp
./scripts/download-databases.sh
```

Or manually:

```bash
curl -LO <asset-url>/known_good.db.zst
curl -LO <asset-url>/context.db.zst
zstd -d known_good.db.zst -o data/known_good.db
zstd -d context.db.zst -o data/context.db
```

Staying Current
After initial download, use incremental updates:

```bash
python scripts/update_sources.py --pull
```

Data Sources
- VanillaWindowsReference (file baselines)
- LOLBAS (LOLBins)
- LOLDrivers (vulnerable drivers)
- HijackLibs (DLL hijacking)
- MemProcFS (process expectations)