// per-tool methodology

ransomware impact estimator

before and after csv listings · encrypted files · extension changes · data at risk · encryption wave timeline · ransom notes · runs locally

public grade

flagship triageraw 12/14 · raw 12–14 / 14

Abinaryflagship triage

capability class: Bbinary
subcategory: other
what to expect: trust as a first-pass tool · still verify before any legal use

real parser depth · 2+ exports with reason fields · honest limits · canonical UI shell

byte-level inspection of image/audio/video/document containers and metadata

max grade for this class: A

carving and header inspection can false-positive on random byte alignment
metadata can be stripped or rewritten — absence of a field is not proof of absence of activity

even A-grade tools can be wrong on rare inputs, malformed files, or adversarial samples
independent verification is required before consequential or evidentiary use
the grade is not a court-admissibility score — jurisdiction and chain of custody still apply

newly added forensics tools must clear the public B minimum before merging
minimum: letter grade B or A · raw score ≥ 9/14 · UI dimension = 2 · IF/OU/DQ/RB/HN ≥ 1 each · no critical red flags (missing engine, placeholder logic, no exports)
the ship bar is enforced by quality.audit.json sidecars and npm run tools:grade-forensics --check