Developing Cyber Forensics for SCADA Industrial Control Systems

A large number of industries, including critical national infrastructure (electricity, gas, water, etc.) and manufacturing firms, rely heavily on computer systems, networks, control systems, and embedded devices to provide safe and reliable operations. These networks can be very complex and are often bespoke to the types of product the industries provide. In recent years we have seen a significant rise in malicious attacks against such systems, ranging from sophisticated intelligent attacks to simple tool-based delivery mechanisms. With the growing reliance on industrial control networks and the increasing number of attacks, the lack of security monitoring and post-incident forensic analysis of SCADA networks is becoming increasingly apparent. SCADA systems forensics is not like standard enterprise file-system forensics: the forensic specialist often has to be an expert in such systems, networks, and SCADA-related devices in order to identify where potential forensic evidence could be located. This paper looks at SCADA/industrial control systems, typical attacks and vulnerabilities, problems with forensic analysis, and the development of a forensic methodology/toolkit for such systems.
