// per-tool methodology

ssdt hook remnant detector

drop sysmon evtx csv or system evtx csv · detect unsigned and vulnerable kernel driver loads · identify bring your own vulnerable driver artifacts · surface kernel-level anti-forensic driver installations · runs locally

public grade

this tool is in the forensics catalog but has not been graded yet. the maturity badge is hidden until npm run forensics:grades includes it. see the public rubric for how grading works.

known limitations

limitations will be published once the automated audit assigns a grade. all forensics output requires independent verification before any legal, financial, medical, safety, or evidentiary use.

B minimum ship bar

  • newly added forensics tools must clear the public B minimum before merging
  • minimum: letter grade B or A · raw score ≥ 9/14 · UI dimension = 2 · IF/OU/DQ/RB/HN ≥ 1 each · no critical red flags (missing engine, placeholder logic, no exports)
  • the ship bar is enforced by quality.audit.json sidecars and npm run tools:grade-forensics --check
