Crate apm_partition_forensic

Forensic anomaly auditor for Apple Partition Maps.

Reads partition-map geometry via the apm parser crate and grades it into severity-ranked findings on the shared forensicnomicon::report model. Each finding is an observation (“consistent with …”); the examiner draws the conclusions.

The forensic checks (overlaps, out-of-bounds, map-count inconsistency, residual/hidden entries, unmapped regions) live in analyse; the finding types live in findings.

Re-exports

pub use findings::Anomaly;
pub use findings::AnomalyKind;
pub use findings::ApmAnalysis;

Modules

findings
Forensic finding types for Apple Partition Map analysis.

Structs

ApmPartition
One Apple Partition Map entry.
ApplePartitionMap
A parsed Apple Partition Map.

Enums

Error
Crate-level error type. (Manual impl — no thiserror dependency.)
Severity
The canonical 5-level severity scale, shared across every SecurityRonin analyzer via forensicnomicon::report. Severity of a forensic finding (Info < Low < Medium < High < Critical).

Functions

analyse
Perform a full forensic analysis of an Apple Partition Map.
analyse_reader
Analyse an Apple Partition Map read from a seekable image.
parse
Parse an Apple Partition Map from a buffer beginning at the device start (block 0 = Driver Descriptor Map). Returns None if the ER/PM signatures are missing or the buffer is too short.