Developing a state of the art methodology and toolkit for ICS SCADA forensics

Betts, M., Stirland, J., Olajide, F. ORCID: 0000-0003-1627-6637, Jones, K. and Janicke, H., 2016. Developing a state of the art methodology and toolkit for ICS SCADA forensics. International Journal of Industrial Control Systems Security, 1 (2), pp. 44-56.

1597713_Olajide.pdf - Published version


Abstract

Supervisory Control and Data Acquisition (SCADA) systems are used in different Critical National Infrastructure (CNI), including Electric Power, Oil & Gas, Manufacturing, Utility, Transportation services and others. The underpinning control systems have unique characteristics such as being real-time and safety critical. Therefore, interference and disruption of the services from cyber attack pose a significant risk to the environment, properties, economies and human lives. Responding to such events is not trivial, and recovering the required forensic evidence to understand the cause and consequence of such an event is key. Further, developing a suitable incident response methodology to identify evidential artefacts of the causes of disruption is crucial, should security mechanisms fail. In this paper we present the state of the art methodology and forensic toolkit for cyber incident response on the Industrial Control System (ICS) environment of SCADA, and evaluate the applicability of current IT forensic tools and the requirements of an 'ICS forensic toolbag'. The research work presents an experimental case study of a malware USB device based attack, a man in the middle attack and a remote access attack.

Item Type: Journal article
Publication Title: International Journal of Industrial Control Systems Security
Creators: Betts, M., Stirland, J., Olajide, F., Jones, K. and Janicke, H.
Publisher: Infonomics Society
Date: 6 December 2016
Volume: 1
Number: 2
Identifiers:
DOI: 10.20533/ijicss.9781.9083.20346.2016.0005
Other: 1597713
Divisions: Schools > School of Science and Technology
Record created by: Laura Ward
Date Added: 26 Sep 2022 10:42
Last Modified: 26 Sep 2022 10:42
URI: https://irep.ntu.ac.uk/id/eprint/47114
