leviathan-driver 0.3.0

Windows kernel-mode EDR/XDR driver framework in Rust - callbacks, filters, detection, forensics
//! Forensics and Detection Modules
//!
//! Tools for memory forensics, artifact detection, and system analysis:
//! - Pool tag scanning for kernel object discovery
//! - EPROCESS/ETHREAD enumeration
//! - Hidden process/driver detection
//! - IRP stack analysis
//! - Memory scanning for signatures/patterns

pub mod pool_scanner;
pub mod process_enum;
pub mod irp_analysis;
pub mod memory_scanner;
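The first bullet above, pool tag scanning for kernel object discovery, is the technique a memory-forensics tool uses to locate objects such as EPROCESS blocks without trusting the kernel's own lists. The block below is an added example, not leviathan-driver's own code: a user-mode scan over a constructed byte buffer that assumes the classic x64 POOL_HEADER layout (the assumed layout is spelled out in the comments) and rejects candidates whose tag sits at an unaligned offset or whose block size does not fit the snapshot.

```rust
// Added example, not leviathan-driver's own code: an offline pool-tag scan over
// a constructed buffer. Assumes the classic x64 POOL_HEADER layout (16 bytes):
// byte 0 PreviousSize, byte 1 PoolIndex, byte 2 BlockSize (in 16-byte units),
// byte 3 PoolType, bytes 4..8 the four-character PoolTag, bytes 8..16 ProcessBilled.
const POOL_GRANULARITY: usize = 16;

#[derive(Debug, PartialEq)]
pub struct PoolHit {
    pub offset: usize,
    pub block_size: usize, // whole block including the header, in bytes
    pub pool_type: u8,
}

/// Find pool headers carrying `tag` (e.g. b"Proc" for EPROCESS allocations).
/// Only 16-byte-aligned offsets are candidates, and a hit must have a non-zero
/// BlockSize that fits inside the buffer; both checks cut false positives.
pub fn scan_pool_tag(mem: &[u8], tag: &[u8; 4]) -> Vec<PoolHit> {
    let mut hits = Vec::new();
    if mem.len() < POOL_GRANULARITY {
        return hits;
    }
    for off in (0..=mem.len() - POOL_GRANULARITY).step_by(POOL_GRANULARITY) {
        let hdr = &mem[off..off + POOL_GRANULARITY];
        if &hdr[4..8] != &tag[..] {
            continue;
        }
        let block_size = hdr[2] as usize * POOL_GRANULARITY;
        if block_size == 0 || off + block_size > mem.len() {
            continue; // zero-sized, or the block runs past the end of the snapshot
        }
        hits.push(PoolHit { offset: off, block_size, pool_type: hdr[3] });
    }
    hits
}

/// Constructed sample "pool page": one genuine Proc block, one unaligned decoy
/// string, and one header whose declared size overruns the buffer.
pub fn sample_pool_page() -> Vec<u8> {
    let mut page = vec![0u8; 256];
    // 0x20: PreviousSize 2, PoolIndex 0, BlockSize 4 (64 bytes), PoolType 2, tag "Proc"
    page[0x20..0x28].copy_from_slice(&[2, 0, 4, 2, b'P', b'r', b'o', b'c']);
    page[0x43..0x47].copy_from_slice(b"Proc"); // decoy at an unaligned offset
    page[0xF0..0xF8].copy_from_slice(&[0, 0, 8, 2, b'P', b'r', b'o', b'c']); // overruns
    page
}

fn main() {
    println!("{:?}", scan_pool_tag(&sample_pool_page(), b"Proc"));
}
```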