ROMcontained

ROMcontained is an open‑source forensic tool designed for the analysis of Read‑Only Memory (ROM) images from embedded firmware and legacy hardware devices. The utility was first released in 2018 by the firmware security research group at the University of Technology, Cityland, and is maintained through a community of developers on GitHub. Its primary purpose is to detect and classify "contamination" within ROMs—anomalies such as embedded malware, tampered code segments, or unintended third‑party library inclusions that may compromise device integrity.

The tool operates by first extracting raw binary contents from a firmware package, then applying a series

ROMcontained supports multiple architectures, including ARM, MIPS, and PowerPC, and can process images encapsulated in common

Documentation for ROMcontained is hosted on ReadTheDocs and includes a detailed user guide, API reference, and