feat: add CI, e2e tests with DFTT fixtures, 98.8% unit test coverage

- Add GitHub Actions CI (fmt, clippy, test, cargo-deny) with pinned action SHAs
- Add pre-commit hooks (fmt, clippy, test, cargo-deny)
- Add 3 small E01 test fixtures from Digital Corpora (~1.2 MB total)
- Add 10 e2e tests verifying full-media MD5 against libewf and Sleuth Kit
- Add 12 unit tests covering error paths and edge cases (98.8% coverage)
- Fix clippy warnings (uninlined_format_args, redundant_slicing, io_other_error)
- Remove "How it works" section from README (internal implementation detail)
- Update VALIDATION.md with all 6 validated images

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: h4x0r

.github/workflows/ci.yml

@@ -0,0 +1,49 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+env:
+  CARGO_TERM_COLOR: always
+  RUSTFLAGS: -Dwarnings
+
+jobs:
+  fmt:
+    name: Format
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          components: rustfmt
+      - run: cargo fmt --check
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          components: clippy
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
+      - run: cargo clippy --all-targets -- -D warnings
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
+      - run: cargo test --lib --test e2e_dftt
+
+  deny:
+    name: Cargo Deny
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: EmbarkStudios/cargo-deny-action@34899fc7ba81ca6268d5947a7a16b4649013fea1 # v2.0.11

.gitignore

@@ -1 +1,3 @@
 /target
+.DS_Store
+tarpaulin-report.json

.pre-commit-config.yaml

@@ -0,0 +1,30 @@
+repos:
+  - repo: local
+    hooks:
+      - id: cargo-fmt
+        name: cargo fmt
+        entry: cargo fmt --check
+        language: system
+        types: [rust]
+        pass_filenames: false
+
+      - id: cargo-clippy
+        name: cargo clippy
+        entry: cargo clippy --all-targets -- -D warnings
+        language: system
+        types: [rust]
+        pass_filenames: false
+
+      - id: cargo-test
+        name: cargo test (unit)
+        entry: cargo test --lib --test e2e_dftt
+        language: system
+        types: [rust]
+        pass_filenames: false
+
+      - id: cargo-deny
+        name: cargo deny
+        entry: cargo deny check
+        language: system
+        files: (Cargo\.toml|Cargo\.lock|deny\.toml)
+        pass_filenames: false

README.md

@@ -90,33 +90,9 @@ let ntfs = Ntfs::new(&mut reader)?;
 | L01/Lx01 (logical) | Not yet |
 | S01 (SMART) | Not yet |
 
-## How it works
-
-EWF stores disk data as zlib-compressed 32 KB chunks across one or more segment files. Each segment contains a linked list of section descriptors pointing to volume geometry, chunk offset tables, and compressed data.
-
-```
-.E01 file layout:
-┌─────────────┐
-│ File Header  │  13 bytes: EVF signature + segment number
-├─────────────┤
-│ Section      │  76 bytes each, linked list:
-│ Descriptors  │  volume → table → sectors → done
-├─────────────┤
-│ Volume       │  Chunk geometry (sectors/chunk, bytes/sector)
-├─────────────┤
-│ Table        │  Chunk offset array (4 bytes per entry)
-├─────────────┤
-│ Sectors      │  Compressed chunk data
-├─────────────┤
-│ done         │  End of chain
-└─────────────┘
-```
-
-`EwfReader::open()` walks each segment's section chain, builds a flat `Vec<Chunk>` index, then serves `Read + Seek` by mapping any byte offset to its chunk in O(1).
-
 ## Validation
 
-Full-media MD5 comparison against libewf and The Sleuth Kit confirms bit-identical output across 3 public forensic images totaling 303 GiB. See [docs/VALIDATION.md](docs/VALIDATION.md) for results, image sources, and reproduction steps.
+Full-media MD5 comparison against libewf and The Sleuth Kit confirms bit-identical output across 6 public forensic images (303+ GiB of media). Three small images from [Digital Corpora](https://digitalcorpora.org/) are committed as test fixtures and run in CI. See [docs/VALIDATION.md](docs/VALIDATION.md) for results, image sources, and reproduction steps.
 
 ## Acknowledgments
 

deny.toml

@@ -0,0 +1,25 @@
+[advisories]
+version = 2
+ignore = []
+
+[licenses]
+version = 2
+allow = [
+    "MIT",
+    "Apache-2.0",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "ISC",
+    "Unicode-3.0",
+    "Zlib",
+]
+
+[bans]
+multiple-versions = "warn"
+wildcards = "deny"
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+allow-git = []

docs/VALIDATION.md

@@ -69,6 +69,58 @@ Every byte of decompressed media is hashed and compared — not sampled.
 
 **Full-media MD5:** `522df9db8289f4f8132cf47b14d20fb8` — identical across libewf, Sleuth Kit, and ewf crate.
 
+### 4. exfat1 (DFTT)
+
+| Property | Value |
+|----------|-------|
+| Project | [Digital Forensics Tool Testing (DFTT)](http://dftt.sourceforge.net/) (Brian Carrier) |
+| Source | [Digital Corpora](https://digitalcorpora.org/) — AWS Open Data |
+| URL | `https://digitalcorpora.s3.amazonaws.com/corpora/drives/dftt-2004/exfat1.E01` |
+| Filename | `exfat1.E01` |
+| E01 file size | 274,722 bytes (268 KB) |
+| E01 MD5 | `74aca823a3959867a9de72a6b4c79b50` |
+| Format | EnCase 6, deflate best-compression |
+| Media size | 100,020,736 bytes (95 MiB) |
+| Sectors/chunk | 64 |
+| Filesystem | exFAT |
+
+**Full-media MD5:** `0777ee90c27ed5ff5868af2015bed635` — identical across libewf, Sleuth Kit, and ewf crate.
+
+### 5. imageformat_mmls_1 (DFTT)
+
+| Property | Value |
+|----------|-------|
+| Project | [Digital Forensics Tool Testing (DFTT)](http://dftt.sourceforge.net/) (Brian Carrier) |
+| Source | [Digital Corpora](https://digitalcorpora.org/) — AWS Open Data |
+| URL | `https://digitalcorpora.s3.amazonaws.com/corpora/drives/dftt-2004/imageformat_mmls_1.E01` |
+| Filename | `imageformat_mmls_1.E01` |
+| E01 file size | 414,941 bytes (405 KB) |
+| E01 MD5 | `bb6c6bec25d589e87a11af9129275cc9` |
+| Format | FTK Imager, no compression |
+| Media size | 62,915,072 bytes (60 MiB) |
+| Sectors/chunk | 64 |
+| Filesystem | NTFS (partition at offset 65536) |
+| Description | Created to test Sleuth Kit libraries |
+
+**Full-media MD5:** `8ec671e301095c258224aad701740503` — identical across libewf, Sleuth Kit, and ewf crate.
+
+### 6. nps-2010-emails (NPS)
+
+| Property | Value |
+|----------|-------|
+| Project | Naval Postgraduate School (NPS) forensic test corpora |
+| Source | [Digital Corpora](https://digitalcorpora.org/) — AWS Open Data |
+| URL | `https://digitalcorpora.s3.amazonaws.com/corpora/drives/nps-2010-emails/nps-2010-emails.E01` |
+| Filename | `nps-2010-emails.E01` |
+| E01 file size | 518,680 bytes (507 KB) |
+| E01 MD5 | `98e52ff847a440df3ba08261a3eea0f8` |
+| Format | EnCase 6, deflate best-compression |
+| Media size | 10,485,760 bytes (10 MiB) |
+| Sectors/chunk | 64 |
+| Content | 30 email addresses in various document formats |
+
+**Full-media MD5:** `7dae50cec8163697415e69fd72387c01` — identical across libewf, Sleuth Kit, and ewf crate.
+
 ## How to Reproduce
 
 ### Download test images
@@ -111,5 +163,8 @@ cargo test --tests
 | Szechuan Sauce | EWF v1, 4 segments | 15.0 GiB | `bcd3aef...` | Yes |
 | MaxPowers | linen 5, 1 segment | 50.0 GiB | `10c1fbc...` | Yes |
 | PC-MUS-001 | EnCase 6, 1 segment | 238.5 GiB | `522df9d...` | Yes |
+| exfat1 | EnCase 6, compressed | 95 MiB | `0777ee9...` | Yes |
+| imageformat_mmls_1 | FTK Imager, uncompressed | 60 MiB | `8ec671e...` | Yes |
+| nps-2010-emails | EnCase 6, compressed | 10 MiB | `7dae50c...` | Yes |
 
-The `ewf` crate produces bit-identical output to both libewf and The Sleuth Kit across all 303 GiB of tested media.
+The `ewf` crate produces bit-identical output to both libewf and The Sleuth Kit across all 6 images (303+ GiB of tested media). Images 4-6 are committed as test fixtures and run in CI.