Forensics in Industrial Control System: A Case Study

  • Conference paper
Security of Industrial Control Systems and Cyber Physical Systems (CyberICS 2015, WOS-CPS 2015)

Abstract

Industrial Control Systems (ICS) are used worldwide in critical infrastructures. An ICS can be a single embedded system working stand-alone to control a simple process, or it can be a very complex Distributed Control System (DCS) connected to Supervisory Control And Data Acquisition (SCADA) system(s) in a nuclear power plant. Although ICS are widely used today, there is very little research on the forensic acquisition and analysis of ICS artefacts. In this paper we present a case study of forensics in ICS, in which we describe a method of safeguarding important volatile artefacts from an embedded industrial control system and several other sources.

Corresponding author

Correspondence to Nhien-An Le-Khac.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Van Vliet, P., Kechadi, MT., Le-Khac, NA. (2016). Forensics in Industrial Control System: A Case Study. In: Bécue, A., Cuppens-Boulahia, N., Cuppens, F., Katsikas, S., Lambrinoudakis, C. (eds) Security of Industrial Control Systems and Cyber Physical Systems. CyberICS WOS-CPS 2015 2015. Lecture Notes in Computer Science, vol 9588. Springer, Cham. https://doi.org/10.1007/978-3-319-40385-4_10

  • DOI: https://doi.org/10.1007/978-3-319-40385-4_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-40384-7

  • Online ISBN: 978-3-319-40385-4

  • eBook Packages: Computer Science (R0)
