Releases: SecurityRonin/mbr-partition-forensic

v0.1.0

03 Jun 01:25

mbr-forensic v0.1.0

First release of the forensic-grade MBR parser.

Features

  • Full MBR sector parsing — boot code (446 bytes), NT disk serial (offset 440), reserved bytes (offset 444–445), four partition entries with CHS decoding
  • Boot code fingerprinting — Windows 7+, Vista, GRUB 2, GRUB Legacy, Syslinux, AllZeros (wiped), AllOnes (erased)
  • Partition type semantics — 40+ type codes mapped to PartitionFamily + human-readable names
  • EBR chain traversal — cycle detection, depth cap (64), slack byte inspection on EBR entries 2–3
  • Gap analysis — pre-partition, inter-partition, and post-partition unpartitioned space
  • Filesystem fingerprinting — NTFS, ext2/3/4, FAT, exFAT, LUKS, APFS, XFS, Linux swap, LVM2
  • Declared vs detected type mismatch detection
  • Shannon entropy on slack regions
  • 20 anomaly types with severity levels and byte-precise offsets

Security

  • No panics on malicious input — all arithmetic uses checked/saturating operations
  • EBR cycle and overflow detection
  • Fuzz targets for parse_mbr_sector and analyse (via cargo-fuzz)
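The EBR traversal guarantees listed above (cycle detection, a depth cap of 64, checked arithmetic, no panics on hostile input) can be sketched as follows. This is an added example, not code from the mbr-forensic crate: `walk_ebr_chain`, `build_image` and `EbrError` are hypothetical names, and the disk image is constructed in memory with 512-byte sectors.

```rust
// Added example: hypothetical names, not the mbr-forensic crate's API.
use std::collections::HashSet;

const SECTOR: usize = 512;
const MAX_DEPTH: usize = 64; // depth cap stated in the release notes
const LINK: usize = 446 + 16; // second table entry: link to the next EBR

#[derive(Debug, PartialEq)]
pub enum EbrError { Cycle(u32), DepthExceeded, Overflow, OutOfBounds(u32), BadSignature(u32) }

/// Walk the EBR chain of the extended partition at `ext_start` (LBA) and
/// return the LBA of every EBR visited, or the first anomaly found.
pub fn walk_ebr_chain(disk: &[u8], ext_start: u32) -> Result<Vec<u32>, EbrError> {
    let (mut seen, mut chain, mut lba) = (HashSet::new(), Vec::new(), ext_start);
    loop {
        if chain.len() >= MAX_DEPTH { return Err(EbrError::DepthExceeded); }
        if !seen.insert(lba) { return Err(EbrError::Cycle(lba)); }
        // Checked offset math plus slice::get: a hostile LBA yields Err, never a panic.
        let off = (lba as usize).checked_mul(SECTOR).ok_or(EbrError::Overflow)?;
        let end = off.checked_add(SECTOR).ok_or(EbrError::Overflow)?;
        let sec = disk.get(off..end).ok_or(EbrError::OutOfBounds(lba))?;
        if sec[510] != 0x55 || sec[511] != 0xAA { return Err(EbrError::BadSignature(lba)); }
        chain.push(lba);
        if sec[LINK + 4] == 0 { return Ok(chain); } // empty link entry ends the chain
        // The link's start LBA is relative to the start of the extended partition.
        let rel = u32::from_le_bytes([sec[LINK + 8], sec[LINK + 9], sec[LINK + 10], sec[LINK + 11]]);
        lba = ext_start.checked_add(rel).ok_or(EbrError::Overflow)?;
    }
}

/// Constructed image: an EBR at each `lba`, optionally linking to `ext_start + rel`.
pub fn build_image(sectors: usize, ebrs: &[(u32, Option<u32>)]) -> Vec<u8> {
    let mut d = vec![0u8; sectors * SECTOR];
    for &(lba, link) in ebrs {
        let s = &mut d[lba as usize * SECTOR..][..SECTOR];
        s[510] = 0x55;
        s[511] = 0xAA;
        if let Some(rel) = link {
            s[LINK + 4] = 0x05; // partition type 0x05: extended
            s[LINK + 8..LINK + 12].copy_from_slice(&rel.to_le_bytes());
        }
    }
    d
}

fn main() {
    let img = build_image(32, &[(10, Some(5)), (15, Some(0))]); // second link loops back
    println!("{:?}", walk_ebr_chain(&img, 10)); // Err(Cycle(10))
}
```
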

Testing

104 tests (unit + integration) with 100% line coverage across all modules.

crates.io · docs.rs