Security: SecurityRonin/useract-forensic

Security Policy

Supported versions

The latest published 0.x release receives security fixes. Pre-1.0, only the most recent minor line is supported.

Reporting a vulnerability

Please report security issues privately to albert@securityronin.com rather than opening a public issue. Include a description, affected version, and a reproducing input if possible. You will receive an acknowledgement within a few business days.

Security posture

useract-forensic correlates attacker-controllable, already-decoded forensic evidence (shell-history entries, device-connection records, and the v0.2 sources to come). It is built to fail safe:

  • #![forbid(unsafe_code)] — no FFI, no raw pointers, no unsafe anywhere.
  • Panic-free production code — the workspace denies clippy::unwrap_used and clippy::expect_used; missing or malformed fields degrade gracefully, never crash.
  • No network, no telemetry — all processing is local.
  • Findings are observations, never verdicts — the type system and the hedged-note convention keep the crate from asserting legal conclusions.

Fuzzing

This crate parses no raw byte format of its own — it consumes the typed output of reader crates that are themselves fuzzed at their parse boundary (e.g. shellhist-core, peripheral-core). The fuzzing surface therefore lives in those upstream crates; useract-forensic's own logic is total over the typed inputs and is covered to 100% by the test suite.

There aren't any published security advisories