livedisk-forensic 0.1.2

Forensic analyzer for live block devices — acquisition-integrity findings (mounted-during-acquisition, no write-blocker, removable media, 512e/4Kn sector mismatch, synthesized overlay) as graded forensicnomicon report::Finding, built on livedisk-core
Documentation

livedisk-forensic

Crates.io Docs.rs License: Apache-2.0 CI Sponsor

Acquisition-integrity findings for live block devices — graded forensicnomicon findings, built on livedisk-core.

Given a livedisk::PhysicalDisk, analyse returns graded findings that bear on a forensically sound acquisition of the running system — observations, never verdicts.

[dependencies]
livedisk-forensic = "0.1"

for disk in livedisk::enumerate()? {
    for finding in livedisk_forensic::analyse(&disk) {
        println!("{}: {}", finding.code, finding.note);
    }
}
# Ok::<(), livedisk::Error>(())
Code Meaning
LIVE-MOUNTED a volume is mounted during acquisition (live writes may alter the image)
LIVE-WRITABLE the device is writable; no hardware write-blocker detected
LIVE-REMOVABLE removable media
LIVE-SECTOR-4KN logical/physical sector sizes differ (512e/4Kn)
LIVE-SYNTHESIZED a synthesized container overlay, not a backing physical store

Privacy Policy · Terms of Service · © 2026 Security Ronin Ltd