mbr-partition-forensic 0.5.0

Forensic MBR analyzer — structural anomaly detection, gap analysis, slack-space carving, wipe and bootkit detection, and filesystem fingerprinting as graded forensicnomicon report::Finding, built on mbr-partition-core
//! Known boot-sector-malware marker detection.
//!
//! The marker data and the matching logic are centralized in the
//! `forensicnomicon` knowledge crate ([`forensicnomicon::bootkit`]); this module
//! re-exports them so `mbr_partition_forensic::bootkit::{scan, KNOWN_SIGNATURES}`
//! call sites keep working. A match raises [`crate::AnomalyKind::KnownBootkit`].

pub use forensicnomicon::bootkit::{scan, BootkitMarker, BOOTKIT_MARKERS as KNOWN_SIGNATURES};