shellhist-forensic — graded anomaly auditor over shell command history.
Consumes shellhist_core::HistoryEntry streams and emits
forensicnomicon::report::Findings. Every anomaly is an observation
(“consistent with …”); the examiner draws the conclusions. MITRE techniques
are narrated as consistency, never as a verdict.
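The following is an added illustration of the design described above, written for this page and not taken from the shellhist-forensic crate: a stream of history entries goes in, graded observations come out, and every note is phrased as "consistent with ..." so the examiner, not the tool, draws the conclusion. The type and function names (HistoryEntry with a seq/timestamp/command shape, Grade, Observation, audit, highest_grade) are hypothetical stand-ins, the per-command patterns are ordinary anti-forensics heuristics rather than the crate's logic, and the sample history is constructed. The only identifier taken from outside the page is MITRE ATT&CK T1070.003 (Clear Command History), cited as consistency in the note text, as the description says.

```rust
// Added example: a minimal graded shell-history auditor in the style the page
// describes (entries in, "consistent with ..." observations out). It is NOT
// the shellhist-forensic crate's code; every name below is hypothetical.

/// Severity grade attached to each observation (ordering: Low < Medium < High).
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Grade {
    Low,
    Medium,
    High,
}

/// One line of shell history, roughly as a parser of ~/.bash_history with
/// HISTTIMEFORMAT comments would yield it (hypothetical shape).
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct HistoryEntry {
    pub seq: usize,             // position in the history file
    pub timestamp: Option<u64>, // epoch seconds, if the file recorded one
    pub command: String,
}

/// An observation, never a verdict: the note is always phrased
/// "consistent with ..." and the examiner draws the conclusion.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Observation {
    pub seq: usize,
    pub grade: Grade,
    pub note: String,
}

fn observe(seq: usize, grade: Grade, note: &str) -> Observation {
    Observation { seq, grade, note: note.to_string() }
}

/// Per-command heuristics. These are plain string patterns, so they observe
/// what the operator typed, not what the shell actually executed.
fn grade_command(e: &HistoryEntry) -> Option<Observation> {
    let c = e.command.trim();
    if c == "history -c" || c.starts_with("history -c ") || c.starts_with("history -d ") {
        return Some(observe(e.seq, Grade::High,
            "consistent with clearing command history (MITRE T1070.003)"));
    }
    if c.contains("unset HISTFILE") || c.contains("HISTSIZE=0")
        || c.contains("HISTFILESIZE=0") || c.starts_with("set +o history")
    {
        return Some(observe(e.seq, Grade::High,
            "consistent with disabling history capture (MITRE T1070.003)"));
    }
    let destructive = ["rm ", "shred ", "truncate ", "> ", ": > "];
    if c.contains("_history") && destructive.iter().any(|p| c.starts_with(*p)) {
        return Some(observe(e.seq, Grade::High,
            "consistent with removal or truncation of the history file (MITRE T1070.003)"));
    }
    if c.contains("base64 -d") && (c.contains("| sh") || c.contains("| bash")) {
        return Some(observe(e.seq, Grade::Medium,
            "consistent with execution of a decoded payload"));
    }
    None
}

/// Audit a whole stream: per-command heuristics plus one stream-level check,
/// that recorded timestamps never run backwards (an unedited history file
/// appends in time order).
pub fn audit(entries: &[HistoryEntry]) -> Vec<Observation> {
    let mut out = Vec::new();
    let mut last_ts: Option<u64> = None;
    for e in entries {
        if let Some(o) = grade_command(e) {
            out.push(o);
        }
        if let (Some(prev), Some(ts)) = (last_ts, e.timestamp) {
            if ts < prev {
                out.push(observe(e.seq, Grade::Medium,
                    "consistent with out-of-order or hand-edited history timestamps"));
            }
        }
        if e.timestamp.is_some() {
            last_ts = e.timestamp;
        }
    }
    out
}

/// The single grade an examiner would triage on first.
pub fn highest_grade(obs: &[Observation]) -> Option<Grade> {
    obs.iter().map(|o| o.grade).max()
}

/// Constructed sample history (not captured from any real system).
pub fn sample_entries() -> Vec<HistoryEntry> {
    let raw: [(usize, Option<u64>, &str); 4] = [
        (1, Some(1_700_000_000), "ls -la /var/log"),
        (2, Some(1_700_000_030), "base64 -d payload.b64 | bash"),
        (3, Some(1_700_000_090), "unset HISTFILE"),
        (4, Some(1_700_000_020), "vim ~/.bash_history"), // timestamp runs backwards
    ];
    raw.iter()
        .map(|(seq, ts, cmd)| HistoryEntry { seq: *seq, timestamp: *ts, command: cmd.to_string() })
        .collect()
}

fn main() {
    for o in audit(&sample_entries()) {
        println!("line {:>3} [{:?}] {}", o.seq, o.grade, o.note);
    }
}
```

On the sample, lines 2 and 3 are graded from the command text alone, while line 4 is flagged only because its timestamp precedes the entry before it; the editor invocation itself is not graded, since editing a file is not evidence of anything by itself. Keeping the stream-level check separate from the per-command check is what lets a single entry carry more than one observation without either being promoted to a verdict.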
Enums§
- HistAnomaly - A graded shell-history anomaly.
Functions§
- audit - Audit a history-entry stream for anomalies.
- audit_findings - Convenience: audit and convert directly to graded Findings.
- source - The Sourcestamp for findings this analyzer emits.