// per-tool methodology

mobile remote wipe artifact detector

drop iOS backup files, MDM enrollment plists, or Android DevicePolicyManager logs and logcat output · detect evidence of remote wipe commands being issued or executed · identify the wipe initiator (MDM, Find My iPhone, Google Find My Device, Samsung Find My Mobile) · surface wipe timing and scope · assess whether wipe was completed or interrupted · runs locally

public grade

flagship triageraw 12/14 · raw 12–14 / 14

Astructuredflagship triage

capability class: Sstructured
subcategory: mobile anti-forensics
what to expect: trust as a first-pass tool · still verify before any legal use

what this grade means

real parser depth · 2+ exports with reason fields · honest limits · canonical UI shell

capability class · structured store parser

binary databases and plist/registry hives — SQLite, plist, lnk, registry text, logcat

max grade for this class: A

WAL/journal sidecars and partial copies may omit recent rows
encrypted or locked stores require keys or decrypted images not supplied by this tool

known limitations

even A-grade tools can be wrong on rare inputs, malformed files, or adversarial samples
independent verification is required before consequential or evidentiary use
the grade is not a court-admissibility score — jurisdiction and chain of custody still apply

B minimum ship bar

newly added forensics tools must clear the public B minimum before merging
minimum: letter grade B or A · raw score ≥ 9/14 · UI dimension = 2 · IF/OU/DQ/RB/HN ≥ 1 each · no critical red flags (missing engine, placeholder logic, no exports)
the ship bar is enforced by quality.audit.json sidecars and npm run tools:grade-forensics --check

open the tool

run mobile remote wipe artifact detector →full grading rubric