Module normalize 

Normalize each scheme’s native analysis into the shared forensicnomicon::report model, so disk4n6 (and a future GUI) render one uniform Report instead of N bespoke XxxAnalysis types.

Functions

apm_findings

Normalize an Apple Partition Map analysis.

apm_provenance

Provenance breadcrumbs from an APM analysis.

gpt_findings

Normalize a GPT analysis.

gpt_provenance

Provenance breadcrumbs from a GPT analysis.

iso_findings

Normalize an ISO 9660 analysis into findings via the shared Observation trait (iso9660-forensic 0.5.0 onward re-exports report::Severity and implements Observation, like the rest of the fleet).

iso_provenance

Provenance breadcrumbs from an ISO 9660 volume. Temporal facts (creation, modification, authoring window) are normalized into the iso_timeline instead; empty PVD strings are dropped rather than emitted as noise.

iso_report

Build the unified Report from an ISO 9660 analysis.

iso_timeline

Reconstruct the volume’s datable biography from an ISO 9660 analysis: the PVD creation/modification stamps and the file-recorded-time authoring window.

mbr_findings

Normalize an MBR analysis. Findings carry their byte offset as evidence (sourced from the analyzer’s Observation::evidence).

mbr_provenance

Provenance breadcrumbs from an MBR analysis.

report

Build the unified Report from a DiskReport. A GPT disk contributes both its protective-MBR and parsed-GPT findings and provenance.