TY - GEN
T1 - Tools, techniques, and methodologies
T2 - 4th Annual Industrial Control System Security Workshop, ICSS 2018
AU - Awad, Rima Asmar
AU - Beztchi, Saeed
AU - Smith, Jared M.
AU - Lyles, Bryan
AU - Prowell, Stacy
N1 - Publisher Copyright:
© 2018 US Government.
PY - 2018/12/4
Y1 - 2018/12/4
N2 - Security aspects of SCADA environments and the systems within are increasingly a center of interest to researchers and security professionals. As the rise of sophisticated and nation-state malware targeting such systems flourishes, traditional digital forensics tools struggle to transfer the same capabilities to systems lacking typical volatile memory primitives, monitoring software, and the compatible operating-system primitives necessary for conducting forensic investigations. Even worse, SCADA systems are typically not designed and implemented with security in mind, nor were they purpose-built to monitor and record system data at the granularity associated with traditional IT systems. Rather, these systems are often built to control field devices and drive industrial processes. More succinctly, SCADA systems were not designed with a primary goal of interacting with the digital world. Consequently, forensics investigators well-versed in the world of digital forensics and incident response face an array of challenges that prevent them from conducting effective forensic investigation in environments with vast amounts of critical infrastructure. In order to bring SCADA systems within the reach of the armies of digital forensics professionals and tooling already available, both researchers and practitioners need a guide to the current state-of-the-art techniques, a road-map to the challenges lying on the path forward, and insight into the future directions R&D must move towards. To that end, this paper presents a survey into the literature on digital forensics applied to SCADA systems. We cover not only the challenges to applying digital forensics to SCADA like most other reviews, but also the range of proposed frameworks, methodologies, and actual implementations in literature.
AB - Security aspects of SCADA environments and the systems within are increasingly a center of interest to researchers and security professionals. As the rise of sophisticated and nation-state malware targeting such systems flourishes, traditional digital forensics tools struggle to transfer the same capabilities to systems lacking typical volatile memory primitives, monitoring software, and the compatible operating-system primitives necessary for conducting forensic investigations. Even worse, SCADA systems are typically not designed and implemented with security in mind, nor were they purpose-built to monitor and record system data at the granularity associated with traditional IT systems. Rather, these systems are often built to control field devices and drive industrial processes. More succinctly, SCADA systems were not designed with a primary goal of interacting with the digital world. Consequently, forensics investigators well-versed in the world of digital forensics and incident response face an array of challenges that prevent them from conducting effective forensic investigation in environments with vast amounts of critical infrastructure. In order to bring SCADA systems within the reach of the armies of digital forensics professionals and tooling already available, both researchers and practitioners need a guide to the current state-of-the-art techniques, a road-map to the challenges lying on the path forward, and insight into the future directions R&D must move towards. To that end, this paper presents a survey into the literature on digital forensics applied to SCADA systems. We cover not only the challenges to applying digital forensics to SCADA like most other reviews, but also the range of proposed frameworks, methodologies, and actual implementations in literature.
KW - Digital forensics
KW - ICS
KW - SCADA
KW - Survey
UR - http://www.scopus.com/inward/record.url?scp=85060632270&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85060632270
T3 - ACM International Conference Proceeding Series
SP - 1
EP - 8
BT - Proceedings - 4th Annual Industrial Control System Security Workshop, ICSS 2018
PB - Association for Computing Machinery
Y2 - 4 December 2018
ER -