diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index a47c930..6ff0957 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -54,4 +54,4 @@ jobs: tag_name: ${{ github.ref }} release_name: Release ${{ github.ref }} draft: false
- prerelease: false
+ prerelease: false
\ No newline at end of file
diff --git a/README.md b/README.md
index 487897e..8ef1655 100644
--- a/README.md
+++ b/README.md
@@ -98,4 +98,4 @@ Blint produces the following json artifacts in the reports directory: ## Discord support
-The developers could be reached via the [discord](https://discord.gg/DCNxzaeUpd) channel.
+The developers could be reached via the [discord](https://discord.gg/DCNxzaeUpd) channel.
\ No newline at end of file
diff --git a/blint/data/annotations/review_symbols_antiforensic.yml b/blint/data/annotations/review_symbols_antiforensic.yml
new file mode 100644
index 0000000..f6d8dbe
--- /dev/null
+++ b/blint/data/annotations/review_symbols_antiforensic.yml
@@ -0,0 +1,137 @@
+---
+text: Review for Anti-Forensics
+group: SYMBOL_REVIEWS
+exe_type:
+ - genericbinary
+ - x86_64-executable
+ - gobinary
+ - PE32
+ - PE64
+ - dotnetbinary
+ - MachO
+ - mips-executable
+rules:
+ - id: FORENSIA
+ title: Forensia Anti-Forensics Tool
+ summary: Detect Erasing of Evidence of Exploitation
+ description: |
+ Forensia is an anti forensics tool for red teamers used for erasing footprints in the post exploitation phase.
+ patterns:
+ - CorruptStep
+ - disableETW
+ - ds_deposite_handle
+ - ds_open_handle
+ - ds_rename_handle
+ - DS_STREAM_RENAME
+ - GIOVANNI_DICANIO_WINREG_HPP_INCLUDED
+ - g_pwszExecutionMode
+ - JLSS_ID_POSIXVER_H
+ - MeltFile
+ - SysmonUnload
+ - _RtlAdjustPrivilege
+
+ - id: PUPY
+ title: Pupy Post-Exploitation Framework
+ summary: Detect Erasing of Evidence of Exploitation
+ description: |
+ Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
+ patterns:
+ - GetVersionExA_Hooked
+ - GetVersionExW_Hooked
+ - MapNewExecutableRegionInProcess
+ - MemLoadLibrary
+ - MemoryFindResourceA
+ - MemoryFindResourceExA
+ - MemoryFindResourceExW
+ - MemoryFindResourceW
+ - MemoryModuleFileNameA
+ - MemoryModuleFileNameW
+ - MyEnumerateLibraries
+ - MyEnumerateLoadedLibraries
+ - MyEtwEventWrite
+ - MyEtwEventWriteFull
+ - MyEtwRegister
+ - MyEtwUnregister
+ - MyFindMemoryModuleNameByAddr
+ - MyFindProcAddress
+ - MyFindResourceA
+ - MyFindResourceExA
+ - MyFindResourceExW
+ - MyFindResourceW
+ - MyGetLibraries
+ - MyGetModuleFileNameA
+ - MyGetModuleFileNameW
+ - MyGetModuleHandleExA
+ - MyGetModuleHandleExW
+ - MyGetModuleHandleW
+ - MyGetUnhandledExceptionFilter
+ - MyLoadStringA
+ - MySetLibraries
+ - PUPY_LOAD_H
+ - PayloadsHandler
+ - PostmortemFilter
+ - PupyArgumentParser
+ - PupyArgumentParserRef
+ - PupyArgumentParserWrap
+ - PupyBindService
+ - PupyCategories
+ - PupyClient
+ - PupyCmd
+ - PupyCmdLoop
+ - PupyConfig
+ - PupyDnsActivationHandler
+ - PupyDnsCnc
+ - PupyDnsCommandServerHandler
+ - PupyFunctionTableAccess
+ - PupyGetModuleBase
+ - PupyJob
+ - PupyKCPSocketStream
+ - PupyModCompleter
+ - PupyModule
+ - PupyModuleDisabled
+ - PupyModuleError
+ - PupyModuleExit
+ - PupyModuleMetaclass
+ - PupyModuleNotFound
+ - PupyModuleUsageError
+ - PupyOffloadAcceptor
+ - PupyOffloadDNS
+ - PupyOffloadManager
+ - PupyOffloadSocket
+ - PupyServer
+ - PupyService
+ - PupyWebServer
+ - Py_find_function_address
+ - Py_get_arch
+ - Py_is_shared_object
+ - Py_load_dll
+ - Py_mexec
+ - Py_reflective_inject_dll
+ - Py_set_exit_session_callback
+ - Py_set_is_shared_object
+ - REFLECTIVE_LOADER_SYM
+ - WrappedThreadRoutine
+ - _PUPY_MEMFD_H
+ - __loadRubberDuckyConf__
+ - _pupy_main
+ - _run_pupy_thread
+ - createRubberDuckyScriptForWindowsTarget
+ - init_pupy
+ - inject_dll
+ - inject_via_apcthread
+ - inject_via_remotethread
+ - inject_via_remotethread_wow64
+ - keylogger_start
+ - load_pupyimporter
+ - pupy_main
+ - pupy_memfd_create
+ - pupy_memfd_supported
+ - pupycompile
+ - pupygen
+ - run_pupy
+
+
+
+
+
+
diff --git a/poetry.lock b/poetry.lock
index 2331883..f40ecdc 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -708,4 +708,4 @@ testing = ["big-O", "flake8 (<5)", "jaraco.functools", "jaraco.itertools", "more [metadata] lock-version = "2.0" python-versions = ">=3.7,<3.12"
-content-hash = "eb3be781e9f724cb32e1e6430c5b2f85e8e0885ccf232e1995ef55997fcd5435"
+content-hash = "eb3be781e9f724cb32e1e6430c5b2f85e8e0885ccf232e1995ef55997fcd5435"
\ No newline at end of file
diff --git a/pyproject.toml b/pyproject.toml
index 05a8e5d..b934070 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -45,4 +45,4 @@ pyinstaller = "^5.10.1" [build-system] requires = ["poetry-core>=1.0.0"]
-build-backend = "poetry.core.masonry.api"
+build-backend = "poetry.core.masonry.api"
\ No newline at end of file
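Review bot: The `summary` on the PUPY rule (`Detect Erasing of Evidence of Exploitation`) is copied from the FORENSIA rule and does not describe what the rule's own description says Pupy is, a C2 and post-exploitation framework; `summary: Detect Pupy C2 / post-exploitation framework artifacts` would match the description and keeps the two rules distinguishable in reports. Several FORENSIA patterns are also broad enough to flag unrelated binaries: `_RtlAdjustPrivilege` is an ordinary ntdll export that benign privilege-handling code also imports, `MeltFile` is a generic name, and `GIOVANNI_DICANIO_WINREG_HPP_INCLUDED` / `JLSS_ID_POSIXVER_H` look like C preprocessor include guards, which normally do not survive compilation as symbols, so whether they ever match depends on whether this review also runs over embedded strings, which the diff does not show. Consider documenting in the description that the tool-specific names (`disableETW`, `SysmonUnload`, the `ds_*` handle helpers, `PUPY_LOAD_H`, `_pupy_main`, `Py_mexec`) are the primary signal and that a hit on the generic names alone should be treated as supporting evidence rather than a finding. The six trailing blank lines at the end of the new file are stray whitespace and should be dropped.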