Tools, techniques, and methodologies: A survey of digital forensics for SCADA systems

Rima Asmar Awad, Saeed Beztchi, Jared M. Smith, Bryan Lyles, Stacy Prowell

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

22 Scopus citations

Abstract

Security aspects of SCADA environments and the systems within them are increasingly a center of interest to researchers and security professionals. As sophisticated, often nation-state, malware targeting such systems proliferates, traditional digital forensics tools struggle to transfer the same capabilities to systems lacking typical volatile memory primitives, monitoring software, and the compatible operating-system primitives necessary for conducting forensic investigations. Even worse, SCADA systems are typically not designed and implemented with security in mind, nor were they purpose-built to monitor and record system data at the granularity associated with traditional IT systems. Rather, these systems are often built to control field devices and drive industrial processes. More succinctly, SCADA systems were not designed with a primary goal of interacting with the digital world. Consequently, forensic investigators well versed in digital forensics and incident response face an array of challenges that prevent them from conducting effective forensic investigations in environments holding vast amounts of critical infrastructure. In order to bring SCADA systems within the reach of the digital forensics professionals and tooling already available, both researchers and practitioners need a guide to the current state-of-the-art techniques, a road map of the challenges lying on the path forward, and insight into the future directions R&D must move towards. To that end, this paper presents a survey of the literature on digital forensics applied to SCADA systems. We cover not only the challenges of applying digital forensics to SCADA, as most other reviews do, but also the range of proposed frameworks, methodologies, and actual implementations in the literature.

Original language: English
Title of host publication: Proceedings - 4th Annual Industrial Control System Security Workshop, ICSS 2018
Publisher: Association for Computing Machinery
Pages: 1-8
Number of pages: 8
ISBN (Electronic): 9781450362207
State: Published - Dec 4 2018
Event: 4th Annual Industrial Control System Security Workshop, ICSS 2018 - San Juan, United States
Duration: Dec 4 2018 → …

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 4th Annual Industrial Control System Security Workshop, ICSS 2018
Country/Territory: United States
City: San Juan
Period: 12/4/18 → …

Funding

This manuscript has been authored by UT-Battelle, LLC, under contract DE-AC05-00OR22725 with the US Department of Energy (DOE). The US government retains and the publisher, by accepting the article for publication, acknowledges that the US government retains a nonexclusive, paid-up, irrevocable, worldwide license to publish or reproduce the published form of this manuscript, or allow others to do so, for US government purposes. DOE will provide public access to these results of federally sponsored research in accordance with the DOE Public Access Plan (http://energy.gov/downloads/doe-public-access-plan).

ICSS '18, December 2018, Puerto Rico, USA. © 2018 US Government. ACM ISBN 978-1-4503-6220-7/18/12. $15.00. https://doi.org/10.1145/3295453.3295454

This work was completed as part of the US Department of Energy Cybersecurity for Energy Delivery Systems (CEDS) program at Oak Ridge National Laboratory. CEDS is a program under the DOE Office of Science. Oak Ridge National Laboratory is managed by UT-Battelle, LLC for the US Department of Energy under contract DE-AC05-00OR22725.

Funders (funder number):
US Department of Energy (DE-AC05-00OR22725)
U.S. Department of Energy
Oak Ridge National Laboratory

Keywords

• Digital forensics
• ICS
• SCADA
• Survey