A Brief History of My FOSS Tools
The creation of AChoir and AChoirX stems from my commitment to building robust, scalable, and efficient open-source tools that address the evolving needs of security professionals, incident responders, and developers.
My passion for building automation tools came long before I pivoted into cybersecurity. As a mainframe operator, and then a distributed computing professional, I automated everything that I would do more than once. That journey took me through learning a dozen different languages and tools, and early on I was creating my own simple scripting languages to automate my automation.
The journey of my Free and Open Source forensic tools began when I saw the need for defenders with little to no budget to defend their web servers with a flexible and free monitoring tool. That tool became OMENS.
The experiences I gained from developing OMENS provided a strong foundation for the creation of AChoir, which focuses on collecting artifacts from Windows computers for forensic investigation. Because of the way I designed it, AChoir can also automate other complex security and forensics tasks. The continuous refinement of these tools led to the development of AChoirX and later projects like TriageReport and Auto4n6, which further extend their capabilities.
The Genesis of OMENS: Laying the Groundwork
Before diving into AChoir and AChoirX, it’s essential to acknowledge the importance of OMENS, which really sparked my desire to create reliable tools for cyber defenders. OMENS was developed as a freely available web server monitoring tool aimed at quickly identifying attacks and vulnerabilities in web applications and server environments. It was designed to be lightweight, flexible, and easy to use, empowering cybersecurity professionals to rapidly assess attacks against their web servers.
While OMENS fulfilled its purpose as a web server monitoring tool, the need for more specialized tools to handle the complexities of forensic collection and automation became evident. At that time, forensic collection and automation were done mostly via shared (Windows, Linux, Mac) shell scripts, and no one had (yet) created a FOSS framework/tool for collecting artifacts and automating forensic investigations. In fact, I was questioned as to why such a tool was even needed (nobody is questioning that need now).
I recognized the potential to move beyond scanning and monitoring to more sophisticated, integrated tools capable of automating incident response and streamlining forensic investigations. This realization led to the creation of AChoir and its successor, AChoirX.
AChoir: The Vision for Automated Security and Forensics
The idea behind AChoir was to create a comprehensive platform that could automate forensic collection and additional key security and forensic processes, reducing the time and effort required to investigate incidents and perform security analysis.
At its core, AChoir was focused on efficiency and automation. The tool aimed to enable security professionals and incident responders to handle complex collection and analysis workflows on Windows without getting bogged down in manual, time-consuming processes.
AChoirX: Expanding Capabilities and Integrating More Features
As cybersecurity threats became more sophisticated and the demands for automation and scalability grew, the need for a more advanced and cross-platform version of AChoir became apparent. This led to the creation of AChoirX, an extended version that used the same concepts, expanded them, and made them available on Linux, Windows, MacOS, and Android.
TriageReport and Auto4n6: Further Expanding the Ecosystem
While AChoir and AChoirX focused on automating forensic artifact collection and processing, the need for specialized reporting and automation for specific forensic tasks became clear. This vision led to the development of two follow-on projects:
TriageReport: Designed to simplify and automate the creation of detailed forensic reports, TriageReport is a tool that helps security professionals and investigators generate standardized, comprehensive reports from their forensic analysis. The project was driven by the need for consistent, easy-to-navigate reporting formats that could be easily shared with collaborators, stakeholders, clients, or law enforcement agencies.
Auto4n6: Building on the success of AChoirX, Auto4n6 focuses on automating the entire digital forensics lifecycle, from evidence collection to analysis. This tool was designed to support incident responders and forensics professionals by reducing the manual overhead involved in traditional forensics workflows. By automating common forensics tasks and streamlining data processing, Auto4n6 helps experts focus on higher-value analysis while reducing the time required to complete investigations.
The Evolution of Open-Source Contributions
Throughout the creation of these tools, I remained committed to the open-source ethos, ensuring that each project was accessible, extensible, and built with contributions from the community in mind. By leveraging feedback from other security professionals, developers, and contributors, I am able to iterate on features quickly and improve the overall quality and relevance of these tools.
Conclusion: A Journey of Automation and Innovation
The evolution from OMENS to AChoir, then to AChoirX, and the subsequent creation of TriageReport and Auto4n6, represents my commitment to enhancing the cybersecurity landscape through automation, integration, and community-driven development. The journey has not only been about creating tools but about building a comprehensive ecosystem that empowers security professionals, incident responders, and forensics experts to work more efficiently and effectively in the face of ever-evolving cyber threats.
For more information and to contribute to the ongoing development of these tools, visit the respective repositories: