QuickScan Client Edition — Privacy & Consent
Professional, air-gapped portable device triage. Strictly identification and high-level triage only — no remediation, no legal advice, no system changes. This page details exactly what is collected, the explicit consent model, data flows, retention, chain-of-custody support, and your rights.
QuickScan runs 40+ 2026 scanners / 12+ dedicated deep collectors (including ransomware_2026_ttps, wifi-network-history, bluetooth-connection-history, consumer-cloud-kfm-abuse, macos-home-user-deep, email-auto-forward-webmail, scheduled-tasks-deep, security-software-tampering + full Tier-1/Tier-2 Home Visit collectors, Windows platform deeps, macOS depth, cloud/exfil, 2026 TTPs etc.) to identify high-signal patterns. Pro unlocks the 8 hs-* HOME VISIT READY presets. It produces rich local interactive reports. It does not remediate, clean, encrypt, or alter anything on your system. It does not create forensically sound disk images. Outputs inform our examiners and help you decide whether to engage full professional services. Court-admissible work requires our write-blocked imaging under documented chain-of-custody.
High-level forensic signals only — local first, never raw files without you
The downloadable QuickScan Client Edition (and portable USB bundles) runs 100% locally on your machine or air-gapped USB drive. Raw source files, documents, full disk contents, or personal data are never transmitted unless you explicitly choose to upload a structured findings report after you review the complete local rich bundle.
- Windows: Prefetch / Amcache, SRUM.dat, registry deep (Run, USB, profiles), Jump Lists, Scheduled Tasks, detailed USB device history, memory/process traces
- macOS: TCC.db / Privacy DB, LaunchAgents/LaunchDaemons, unified logs, XProtect/MRT/SIP status, keychain/credential artifacts, browser & cloud sync
- Shared: ransomware_deep, persistence_deep, antiforensics, lateral movement, security software tampering, browser/email/network artifacts + 10+ core collectors
- Structured findings payload only (risk 0-100 score, executive summary, filterable findings catalog/log, timeline, per-module details, checksums, consent metadata)
- Optional case ID for admin linking + your notes
- Full rich local bundle (standalone interactive HTML + JSON + TXT + manifest + SHA-256) is saved to USB/external drive first
- Raw files, documents, or disk images are never sent
Modern GUI (quickscan-client) + CLI + portable scripts all enforce the same local-first flow.
Layered, timestamped, versioned, explicit, and revocable
Two-stage + final explicit consent (built into GUI, CLI, and portable flows): You must affirmatively check consent boxes for “scan” and then “upload for examiner review.” The client records precise ISO timestamps and the exact policy version (e.g. “2026-05-Client-Edition-1.2”).
Server-enforced (upload API): Payload must include consent_summary with scan.granted, upload.granted, timestamps, and policy_version. Missing or outdated → immediate rejection. No data stored.
Revocable by design: Simply do not click “Upload for Examiner Review.” The complete rich interactive HTML report + JSON/TXT bundles are already saved locally to your USB or chosen drive. Deleting those files or declining the upload dialog means nothing ever leaves your control.
Audit & CoC ready: Every accepted upload records the full consent snapshot, module list, checksum, and timestamps into the private examiner audit store alongside the report.
Local-first. Partitioned. Examiner-only access. Never sold.
- Primary: Private Netlify Blobs “quickscan-uploads” (user/case partitioned, never public)
- Append-only immutable audit trail (quickscan-audit) for compliance
- Default retention tied to active examiner case needs; deletion on verified support request
- Rate limiting + per-source windows protect the service
- DMV Forensics examiners only via authenticated admin console (/admin#quickscan)
- You (owner) can request export or deletion with license/case proof
- No cross-user visibility. No third-party sharing or sale — ever
- Pro/enterprise: optional license-key or token auth for deployments
Every Client Edition run produces rich local bundles (self-contained interactive HTML dashboard with filter/search, risk score + justification, categorized timeline, per-module deep details, embedded ~40-mile DMV Rapid Response CTAs, plus JSON/TXT/manifest/SHA-256) saved automatically to USB or designated drive first. USB provenance (volume GUIDs, insertion timestamps) captured where available.
For formal legal matters: QuickScan is triage tooling only. Engage DMV Forensics professionals for hardware write-blocked full disk/memory imaging under documented chain-of-custody when court admissibility or preservation orders are required. QuickScan findings help scope that work.
You stay in control
- Access / export: License or case holders may request their stored reports + full audit trail.
- Self-service status check: Confirm receipt of any upload instantly via the public QuickScan Report Status page (no login or account needed). Provide your Upload ID plus your license email or the consent reference from your receipt.Open status lookup →
- Deletion: Submit support request (or email privacy@dmvforensics.com) with proof of ownership. We locate and remove within policy timelines.
- Revocation: Stop using the upload feature or delete local bundles at any time. Consent is per-upload and explicitly timestamped.
- Complaints: Contact us first for rapid resolution. You may also reach relevant data protection authorities.
Policy version: 2026-05-Client-Edition-1.2 (or later as published on this page). This notice is linked from the /quickscan page, Client GUI privacy button, upload error responses, LEGAL_DISCLAIMER.md, USER_GUIDE, and all shipped media.