Module bootkit

Known boot-sector-malware marker detection.

The marker data and the matching logic are centralized in the forensicnomicon knowledge crate (forensicnomicon::bootkit); this module re-exports them so that existing mbr_forensic::bootkit::{scan, KNOWN_SIGNATURES} call sites keep working unchanged. A match raises crate::AnomalyKind::KnownBootkit.

Structs

BootkitMarker
One boot-sector-malware marker: a family name and the literal needle bytes that, if present anywhere in the boot code, identify it.

Constants

KNOWN_SIGNATURES
Seed table of documented boot-sector-malware markers (see module docs).

Functions

scan
Scan boot_code for every known marker, returning the distinct family names that matched, in table order (each family reported at most once).
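The following is an added, self-contained illustration of the marker table and scan semantics described above (a family name plus literal needle bytes; distinct families in table order, each reported at most once). It is not the crate's code: the struct is a look-alike, the marker table holds constructed placeholder needles rather than real malware signatures, and the 446-byte boot-code length is the standard MBR layout, used here to show why the caller should pass only the boot code region and not the partition table or 0x55AA signature.

```rust
/// Look-alike of the documented marker: a family name and the literal bytes
/// that identify it when found anywhere in the boot code. (Example type.)
#[derive(Debug, Clone, Copy)]
pub struct BootkitMarker {
    pub family: &'static str,
    pub needle: &'static [u8],
}

/// CONSTRUCTED table for illustration only. These needles are placeholders,
/// not documented malware markers. Note that one family may have several needles.
pub const KNOWN_SIGNATURES: &[BootkitMarker] = &[
    BootkitMarker { family: "ExampleFamilyA", needle: b"EXAMPLE-A" },
    BootkitMarker { family: "ExampleFamilyA", needle: b"EXA-ALT" },
    BootkitMarker { family: "ExampleFamilyB", needle: &[0xDE, 0xAD, 0xBE, 0xEF] },
];

/// Length of the boot-code region in a classic MBR (standard layout);
/// bytes 446..510 hold the partition table and 510..512 the 0x55AA signature.
pub const BOOT_CODE_LEN: usize = 446;

/// Literal substring search. An empty needle is rejected explicitly because
/// `windows(0)` would panic and an empty marker would otherwise match everything.
fn contains(haystack: &[u8], needle: &[u8]) -> bool {
    if needle.is_empty() {
        return false;
    }
    haystack.windows(needle.len()).any(|w| w == needle)
}

/// Scan `boot_code` for every marker; return distinct family names in table
/// order, each family at most once even if several of its needles match.
pub fn scan(boot_code: &[u8]) -> Vec<&'static str> {
    let mut hits: Vec<&'static str> = Vec::new();
    for marker in KNOWN_SIGNATURES {
        if contains(boot_code, marker.needle) && !hits.contains(&marker.family) {
            hits.push(marker.family);
        }
    }
    hits
}

/// Build a constructed 512-byte sector with the given byte runs planted at the
/// given offsets and a valid 0x55AA signature; used only to exercise `scan`.
pub fn sample_sector(plant: &[(usize, &[u8])]) -> [u8; 512] {
    let mut sector = [0u8; 512];
    for &(off, bytes) in plant {
        sector[off..off + bytes.len()].copy_from_slice(bytes);
    }
    sector[510] = 0x55;
    sector[511] = 0xAA;
    sector
}

fn main() {
    // Two needles of family A plus one of family B inside the boot code region,
    // and a copy of B's needle planted in the partition-table area.
    let sector = sample_sector(&[
        (0x20, &b"EXA-ALT"[..]),
        (0x40, &b"EXAMPLE-A"[..]),
        (0x100, &[0xDE, 0xAD, 0xBE, 0xEF][..]),
        (0x1C0, &[0xDE, 0xAD, 0xBE, 0xEF][..]),
    ]);
    println!("boot code only: {:?}", scan(&sector[..BOOT_CODE_LEN]));
    println!("whole sector:   {:?}", scan(&sector));
}
```

Passing the whole 512-byte sector instead of the boot-code slice lets bytes from the partition table participate in matching, which is how short needles produce false positives; the scan in the crate takes `boot_code`, so slice before calling it.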