
Module container


Container-format detection (magic-sniff) — which decoder a disk image needs.

disk4n6 analyses a Read + Seek view of a disk. Most evidence arrives wrapped in a container (E01, VHD/VHDX, VMDK, QCOW2, AFF4, DMG); this module sniffs the magic bytes so an opener can pick the right decoder. The magics come from the forensicnomicon knowledge modules (single source of truth). A flat raw/dd image has no wrapper and is analysed in place.

Structs

OpenedImage
A decoded, analysable disk image.

Enums

ContainerFormat
A detected disk-image container format.
OpenError
Failure opening/decoding an image.

Traits

ReadSeek
Anything that can be both read and seeked — the disk view analyse_disk consumes. A blanket impl covers every Read + Seek, so a decoder’s reader or a plain File both box into Box<dyn ReadSeek>.

Functions

detect
Sniff the container format from a disk image’s header (its first bytes, ideally ≥512) and footer (its last 512 bytes — VHD’s conectix cookie and DMG’s koly trailer live at the end of the file).
open
Open path, sniff its container format, and return a decoded Read + Seek disk view: raw images pass through; E01/EWF is decoded; other recognized containers return OpenError::Unsupported.
sniff
Sniff the container format of a seekable image: read its header and trailing footer, classify via detect, and rewind the reader to 0 for the caller. A sub-512-byte image is read without a footer.
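
The header-plus-footer sniff described for detect and sniff, as an added example that is not disk4n6's own code: `Kind`, `classify`, `sniff_kind` and `sample` are hypothetical names, and the magics are the formats' published signatures written out by hand rather than taken from forensicnomicon. AFF4 is left out here, and the sample images are constructed in memory.

```rust
use std::io::{self, Cursor, Read, Seek, SeekFrom};

#[derive(Debug, PartialEq)]
enum Kind { Ewf, Vhd, Vhdx, Vmdk, Qcow, Dmg, Raw } // hypothetical names

/// Classify from the first bytes and, when present, the last 512 bytes.
fn classify(header: &[u8], footer: Option<&[u8]>) -> Kind {
    if header.starts_with(b"EVF\x09\x0d\x0a\xff\x00") { return Kind::Ewf; }
    if header.starts_with(b"vhdxfile") { return Kind::Vhdx; }
    if header.starts_with(b"KDMV") { return Kind::Vmdk; } // sparse extent
    if header.starts_with(b"QFI\xfb") { return Kind::Qcow; }
    match footer {
        Some(f) if f.starts_with(b"conectix") => Kind::Vhd,
        Some(f) if f.starts_with(b"koly") => Kind::Dmg,
        _ => Kind::Raw, // no wrapper recognised: treat as flat raw/dd
    }
}

/// Read header and footer, classify, and leave the reader at offset 0.
fn sniff_kind<R: Read + Seek>(r: &mut R) -> io::Result<Kind> {
    let len = r.seek(SeekFrom::End(0))?;
    let mut header = vec![0u8; len.min(512) as usize];
    r.seek(SeekFrom::Start(0))?;
    r.read_exact(&mut header)?;
    let mut footer = [0u8; 512];
    let has_footer = len >= 512; // shorter images are sniffed header-only
    if has_footer {
        r.seek(SeekFrom::End(-512))?;
        r.read_exact(&mut footer)?;
    }
    r.seek(SeekFrom::Start(0))?; // rewind so the caller starts at sector 0
    Ok(classify(&header, if has_footer { Some(&footer[..]) } else { None }))
}

/// Constructed sample: `len` zero bytes with `head` at 0 and `tail` at len-512.
fn sample(len: usize, head: &[u8], tail: &[u8]) -> Cursor<Vec<u8>> {
    let mut v = vec![0u8; len];
    v[..head.len()].copy_from_slice(head);
    if !tail.is_empty() {
        v[len - 512..len - 512 + tail.len()].copy_from_slice(tail);
    }
    Cursor::new(v)
}

fn main() -> io::Result<()> {
    println!("{:?}", sniff_kind(&mut sample(4096, b"", b"conectix"))?);
    println!("{:?}", sniff_kind(&mut sample(4096, b"", b"koly"))?);
    Ok(())
}
```

A header-only sniff would classify both sample images as raw, which is why the trailing 512 bytes are read before falling back.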