Tools For Digital Forensics and SentinelOne
https://github.com/acquiredsecurity/acquiredsecurity.github.io
# AcquiredSecurity

## Digital Forensics & Threat Hunting Cybersecurity Person

Welcome to my GitHub Pages site showcasing my cybersecurity tools, forensic utilities, and threat hunting frameworks.

## About Me

I'm a former Incident Response Consultant with extensive experience in digital forensics, threat hunting, and cybersecurity. I specialize in developing tools and frameworks for security analysts and forensic investigators to enhance their capabilities in threat detection, malware analysis, and incident response.

## Projects

### [Forensic Timeliner](https://github.com/acquiredsecurity/forensic-timeliner)
A high-speed forensic timeline creation tool for DFIR investigators to quickly combine CSV files from leading Windows forensic triage tools (EZ Tools/Kape, Axiom, Hayabusa, Chainsaw, Nirsoft). The tool produces CSV output ready for Timeline Explorer, Excel, and other analysis platforms.

### [SentinelOne STAR Rules & Threat Hunts](https://github.com/acquiredsecurity/Sentinel-One-STAR-Rules-Threat-Hunts)
A collection of custom detection rules for SentinelOne's STAR (Storyline Active Response) framework, focused on detecting command tradecraft, malware behaviors, and tactics used by ransomware operators and APT groups.

### [SentinelOne Threat Hunting & XDR Guide](https://github.com/acquiredsecurity/SentinelOne-ThreatHunting-and-XDR-Guide)
A comprehensive beginner's guide to threat hunting with SentinelOne, including dashboards and queries for analyzing processes, indicators, files, network traffic, registry changes, and more through the Skylight feature.

### [SentinelOne ThreatIntel API JSON Generator](https://github.com/acquiredsecurity/SentinelOne_ThreatIntelAPI_JSON_Generator)
A web-based tool that allows security teams to manually input Indicators of Compromise (IOCs) and generate properly formatted JSON data for use with the SentinelOne API, streamlining the process of integrating threat intelligence.

### [Kapesaw](https://github.com/acquiredsecurity/kapesaw)
A specialized tool for digital forensics that enhances the capabilities of KAPE (Kroll Artifact Parser and Extractor) for Windows forensic investigations.

### [Malware Simulations](https://github.com/acquiredsecurity/MalwareSimulations)
A collection of simulated attacker behaviors designed to test the effectiveness of AV/EDR/XDR telemetry, helping security teams validate their detection capabilities without using actual malware.

## Skills

- Digital Forensics & Incident Response (DFIR)
- Threat Hunting & Detection Engineering
- SentinelOne EDR/XDR Administration
- Custom Detection Rule Development
- Timeline Analysis & Forensic Artifact Recovery
- Malware Analysis & Simulation
- PowerShell & Python Scripting
- Windows Forensics & Event Log Analysis

## Experience

### Former Incident Response Consultant
**Various Organizations**
- Developed custom forensic tools for high-speed timeline creation and analysis
- Created comprehensive threat hunting frameworks for SentinelOne environments
- Designed and implemented custom detection rules for APT and ransomware behaviors
- Built tools to streamline IOC management and integration with security platforms
- Produced training materials and guides for junior analysts on threat hunting methodologies

## Contact

- GitHub: [acquiredsecurity](https://github.com/acquiredsecurity)
- YouTube: [@0xn00b](https://www.youtube.com/channel/UCN6_TqkzPDYAIlMHkr0_stg)

## Resources

- [SentinelOne Remote Operations Scripts](https://github.com/acquiredsecurity/SentinelOne-Remote-Ops-Scripts) - PowerShell scripts for SentinelOne administration and incident response
- [Skylight PowerShell Dashboard](https://github.com/acquiredsecurity/SentinelOne-ThreatHunting-and-XDR-Guide/blob/main/IV.%20Skylight-PowerShell) - Specialized dashboard for PowerShell telemetry analysis

## Featured Project: Forensic Timeliner

![Forensic Timeliner](https://raw.githubusercontent.com/acquiredsecurity/forensic-timeliner/main/img/forensic-timeliner-logo.png)

Forensic Timeliner is a high-speed forensic timeline creation tool that helps DFIR investigators quickly analyze data from multiple sources:

- **Multi-tool integration:** Combines CSV files from EZ Tools/Kape, Axiom, Hayabusa, Chainsaw, and Nirsoft tools
- **Intelligent filtering:** Adds custom logic and filtering to help investigators identify important data quickly
- **Auto-discovery:** Automatically discovers CSV files based on default naming conventions
- **Interactive interface:** Features an interactive menu and config-driven processing
- **Customizable:** Export and load custom configurations to match your investigation workflow

[Learn more about Forensic Timeliner](https://github.com/acquiredsecurity/forensic-timeliner)

---

© 2025 AcquiredSecurity. All rights reserved.