Document reanalyzing feature, and include rayhunter-check in release

.github/workflows/main.yml

@@ -344,7 +344,7 @@ jobs:
           else
             mv installer-$platform/installer "$dest"/installer
           fi
-          cp -r rayhunter-daemon rootshell/rootshell dist/* installer/install.ps1 "$dest"/
+          cp -r rayhunter-check-* rayhunter-daemon rootshell/rootshell dist/* installer/install.ps1 "$dest"/
           zip -r "$dest.zip" "$dest"
           sha256sum "$dest.zip" > "$dest.zip.sha256"
 

doc/SUMMARY.md

@@ -10,6 +10,7 @@
 - [Uninstalling](./uninstalling.md)
 - [Using Rayhunter](./using-rayhunter.md)
   - [Rayhunter's heuristics](./heuristics.md)
+  - [Re-analyzing recordings](./reanalyzing.md)
   - [How we analyze a capture](./analyzing-a-capture.md)
 - [Supported devices](./supported-devices.md)
   - [Orbic RC400L](./orbic.md)

doc/reanalyzing.md

@@ -0,0 +1,26 @@
+# Re-analyzing recordings
+
+Every once in a while, Rayhunter refines its heuristics to detect more kinds of
+suspicious behavior, and to reduce noise from incorrect alerts.
+
+This means that your old green recordings may actually contain data that is now
+deemed suspicious, and also old red recordings may become green.
+
+You can re-analyze any old recording inside of Rayhunter by clicking on "N
+warnings" to expand details, then clicking the "re-analyze" button.
+
+## Analyzing recordings on Desktop
+
+If you have a PCAP or QMDL file but no rayhunter, you can analyze it on desktop
+using the `rayhunter-check` CLI tool. That tool contains the same heuristics as
+Rayhunter and will also work on traffic data captured with other tools, such as
+QCSuper.
+
+You need Rust installed and the rayhunter repository checked out:
+
+```sh
+cargo run -p rayhunter-check -- --path ~/Downloads/myfile.qmdl
+cargo run -p rayhunter-check -- --path ~/Downloads/myfile.pcap
+```
+
+Since, 0.7.0, `rayhunter-check` is included in the release zipfile.