      Is Open Access

      Forensic Readiness for SCADA/ICS Incident Response

      4th International Symposium for ICS & SCADA Cyber Security Research 2016 (ICS-CSR)

      Cyber Security Research

      23 - 25 August 2016

      SCADA, critical infrastructure, digital forensics, incident response, SCADA forensics

          Abstract

          The actions carried out following any cyber-attack are vital in limiting damage, regaining control and determining the cause and those responsible. Within SCADA and ICS environments there is certainly no exception. Critical National Infrastructure (CNI) relies heavily on SCADA systems to monitor and control critical processes. Many of these systems span huge geographical areas and contain thousands of individual devices, across an array of asset types. When an incident occurs, those assets contain forensic artefacts, which can be thought of as any data that provides explanation to the current state of the SCADA system. Knowing what devices exist within the network and the tools and methods to retrieve data from them are some of the biggest challenges for incident response within CNI. This paper aims to identify those assets and their forensic value whilst providing the tools needed to perform data acquisition in a forensically sound manner. It will also discuss the key stages in which the incident response process can be managed.

                Author and article information

                Contributors
                Conference
                August 2016
                : 142-150
                Affiliations
                • Information Security Research group, School of Computing and Mathematics, Department of Computing, Engineering and Science, University of South Wales, Pontypridd, CF371DL, UK
                • Computer Science and Informatics, Cardiff University, Queen’s Buildings, 5 The Parade, Roath, Cardiff CF24 3AA, UK
                • Airbus Group Innovations, Quadrant House Celtic Springs, Coedkernew, Newport NP10 8FZ, UK
                • Department of International Politics, Aberystwyth University, Penglais, Aberystwyth, Ceredigion, SY23 3FE, UK
                Article
                10.14236/ewic/ICS2016.16
                © Eden et al. Published by BCS Learning & Development Ltd. Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016

                This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

                4th International Symposium for ICS & SCADA Cyber Security Research 2016 (ICS-CSR), Queen’s Belfast University, UK, 23 - 25 August 2016
                Electronic Workshops in Computing (eWiC)