Text size
  • Small
  • Medium
  • Large
Contrast
  • Standard
  • Blue text on blue
  • High contrast (Yellow text on black)
  • Blue text on beige

    Forensic Readiness for SCADA/ICS Incident Response

    4th International Symposium for ICS & SCADA Cyber Security Research 2016 (ICS-CSR 2016)

    23 - 25 August 2016, Queen's Belfast University, UK.

    AUTHORS

    Peter Eden, Andrew Blyth, Pete Burnap, Yulia Cherdantseva, Kevin Jones, Hugh Soulsby & Kristan Stoddart

    ABSTRACT

    http://dx.doi.org/10.14236/ewic/ICS2016.16

    The actions carried out following any cyber-attack are vital in limiting damage, regaining control and determining the cause and those responsible. Within SCADA and ICS environments there is certainly no exception. Critical National Infrastructure (CNI) relies heavily on SCADA systems to monitor and control critical processes. Many of these systems span huge geographical areas and contain thousands of individual devices, across an array of asset types. When an incident occurs, those assets contain forensic artefacts, which can be thought of as any data that provides explanation to the current state of the SCADA system. Knowing what devices exist within the network and the tools and methods to retrieve data from them are some of the biggest challenges for incident response within CNI. This paper aims to identify those assets and their forensic value whilst providing the tools needed to perform data acquisition in a forensically sound manner. It will also discuss the key stages in which the incident response process can be managed.

    PAPER FORMATS

    PDF file PDF Version of this Paper 471(kb)