forensic-catalog 0.1.0

Static indicator tables for forensic analysis: suspicious ports, LOLBins, persistence paths, execution artifacts, anti-forensics indicators, and more
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

//! forensic-catalog — static indicator tables for forensic analysis.
//!
//! Provides zero-dependency, `std`-only lookup functions and constants covering:
//! suspicious network ports, trusted/suspicious filesystem paths, persistence
//! registry keys and paths, Living-Off-the-Land binaries (LOLBins), process
//! masquerading targets, malicious command patterns, and anti-forensics indicators.

pub mod antiforensics;
pub mod artifact;
pub use artifact as catalog;
pub mod commands;
pub mod encryption;
pub mod lolbins;
pub mod paths;
pub mod pca;
pub mod persistence;
pub mod ports;
pub mod processes;
pub mod references;
pub mod remote_access;
pub mod third_party;