• Record: found
  • Abstract: found
  • Article: found
Is Open Access

Forensic Readiness for SCADA/ICS Incident Response

, , , , , ,

4th International Symposium for ICS & SCADA Cyber Security Research 2016 (ICS-CSR)

Cyber Security Research

23 - 25 August 2016

SCADA, critical infrastructure, digital forensics, incident response, SCADA forensics

Read this article at

      There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.


      The actions carried out following any cyber-attack are vital in limiting damage, regaining control and determining the cause and those responsible. Within SCADA and ICS environments there is certainly no exception. Critical National Infrastructure (CNI) relies heavily on SCADA systems to monitor and control critical processes. Many of these systems span huge geographical areas and contain thousands of individual devices, across an array of asset types. When an incident occurs, those assets contain forensic artefacts, which can be thought of as any data that provides explanation to the current state of the SCADA system. Knowing what devices exist within the network and the tools and methods to retrieve data from them are some of the biggest challenges for incident response within CNI. This paper aims to identify those assets and their forensic value whilst providing the tools needed to perform data acquisition in a forensically sound manner. It will also discuss the key stages in which the incident response process can be managed.

      Related collections

      Most cited references 19

      • Record: found
      • Abstract: not found
      • Article: not found

      SCADA Systems: Challenges for Forensic Investigators

        • Record: found
        • Abstract: not found
        • Article: not found

        ‘Intercepting network traffic’

         E. Hjelmvik (2011)
          • Record: found
          • Abstract: not found
          • Book: not found

          Recommended practice: Recommended practice: Creating cyber forensics plans for control systems

           M Fabro,  E Cornelius (2008)

            Author and article information

            Information Security Research group

            School of Computing and Mathematics

            Department of Computing, Engineering and Science

            University of South Wales

            Pontypridd, CF371DL

            Computer Science and Informatics

            Cardiff University, Queen’s Buildings

            5 The Parade, Roath

            Cardiff CF24 3AA, UK
            Airbus Group Innovations

            Quadrant House Celtic Springs


            Newport NP10 8FZ, UK
            Department of International Politics

            Aberystwyth University

            Penglais, Aberystwyth


            SY23 3FE, UK
            August 2016
            August 2016
            : 142-150
            © Eden et al. Published by BCS Learning & Development Ltd. Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit

            4th International Symposium for ICS & SCADA Cyber Security Research 2016
            Queen’s Belfast University, UK
            23 - 25 August 2016
            Electronic Workshops in Computing (eWiC)
            Cyber Security Research
            Product Information: 1477-9358 BCS Learning & Development
            Self URI (journal page):
            Electronic Workshops in Computing


            Comment on this article