Expand description
Pure-Rust forensic ISO 9660 reader.
Handles multi-session discs, Rock Ridge (RRIP), Joliet (UCS-2 filenames), El Torito boot images, and 2352-byte raw CD sectors.
Re-exports§
pub use error::IsoError;pub use file_reader::IsoFileReader;pub use pvd::IsoDateTime;pub use sector::SectorMode;pub use audit::BothEndianMismatch;pub use audit::GapHit;pub use audit::PreSysHit;pub use audit::SlackHit;pub use audit::SymlinkIssue;pub use dir::DirRecord;pub use dir::FILE_FLAG_MULTI_EXTENT;
Modules§
- audit
- Forensic audit types for ISO 9660 structural integrity checks.
- bw5
- BlindWrite 5/6/7 (
.b5t/.b6t) TOC image detection. - ccd
- CloneCD
.ccdcontrol-file parser. - cdi
- DiscJuggler (CDI) image detection and track-table decoding.
- cdtext
- CD-Text decoding (MMC-3 Annex J).
- cdtoc
- CD Table of Contents and disc identification.
- cue
- CUE sheet parser for BIN/CUE disc images.
- dir
- ISO 9660 Directory Record parsing and iteration.
- el_
torito - El Torito boot specification — CD bootable images.
- error
- file_
reader - Streaming file reader (
IsoFileReader) implementingstd::io::Read. - findings
- ISO 9660 forensic findings: severity, anomaly classification, and the analysis result.
- mds
- Alcohol 120% MDS/MDF image parser.
- nrg
- Nero NRG image parser.
- offset
- A windowing adapter that presents a byte sub-range of a
Read + Seekas a standalone stream starting at offset 0. - path_
table - ISO 9660 Path Table parsing and Type-L ↔ Type-M cross-validation.
- pvd
- ISO 9660 Volume Descriptor parsing.
- rock_
ridge - Rock Ridge Interchange Protocol (RRIP) — IEEE P1282 System Use extensions.
- sector
- Sector abstraction: 2048-byte ISO mode and 2352-byte raw CD mode.
- session
- Multi-session ISO support.
- subq
- CD subchannel Q decoding (ECMA-130 §22).
- toc
- CDRDAO
.tocparser for TOC/BIN optical images.
Structs§
- Analyse
Options - Options controlling
analyse_with_options. Currently empty; reserved for future toggles (slack carving, full directory-record redundancy walk, …). - Boot
Record - One El Torito boot entry, summarised for the provenance report.
- File
Hash - SHA-256 hash of a file in the ISO.
- IsoAnalysis
- Result of a forensic analysis of an ISO 9660 volume.
- IsoReader
- Forensic ISO 9660 reader.
- IsoVolume
Info - Volume provenance summary — the authoring/context “breadcrumbs” a forensic report leads with. All fields are observations from the active session’s PVD.
- Lost
File - A file found inside an orphaned directory extent — present on the disc but not reachable from the active directory tree (a recovered “lost” file).
- Path
Table Audit - Result of comparing the L-path table against the directory tree.
- Timeline
Entry - A directory entry with its modification timestamp for timeline analysis.
- Tool
Fingerprint - Mastering-tool identification based on PVD metadata patterns.
- Walk
Entry - A single entry produced by
IsoReader::walk.
Constants§
- MAX_
DIR_ SIZE - Maximum bytes that
read_dirwill allocate for a single directory. - MAX_
WALK_ DEPTH - Maximum directory nesting depth for
IsoReader::walk.
Traits§
- Read
Seek - A seekable byte source, type-erased so the different container resolutions (plain file, offset-windowed track) unify behind one return type.
Functions§
- analyse
- Forensically analyse an ISO 9660 image.
- analyse_
with_ options - Like
analyse, with explicitAnalyseOptions. - open
- Open an optical image by path, resolving its container to a
Read + Seekover the ISO 9660 data track.