Abstract
The increasing complexity of industrial control systems (ICS) and interconnection with other systems poses more safety- and/or security-related challenges due to a rising number of attacks and errors. The event reconstruction is the goal of the new field of ICS forensics differing from well-established Desktop-IT forensics. We identify ICS properties, implications and the impact on the forensic process.
Our primary contribution is the identifcation of ICS specific properties and their impact on the forensic process in order to foster forensic capabilities and forensic readiness in ICS. An existing model for Desktop-IT forensics is successfully adapted for use in ICS.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Inman, K., Rudin, N.: Principles and Practises of Criminalistics: The Profession of Forensic Science. CRC Press LLC, Boca Raton (2001)
Pollitt, M.: Applying traditional forensic taxonomy to digital forensics. In: Ray, I., Shenoi, S. (eds.) DigitalForensics 2008. ITIFIP, vol. 285, pp. 17–26. Springer, Boston, MA (2008). https://doi.org/10.1007/978-0-387-84927-0_2
Kiltz, S., Dittmann, J., Vielhauer, C.: Supporting forensic design - a course profile to teach forensics. In: IMF 2015. IEEE, Magdeburg (2015)
Peisert, S., Bishop, M., Marzullo, K.: Computer forensics in forensis. In: SADFE 2008, pp. 102–112. IEEA, Seattle (2008)
PROFIBUS and PROFINET International, PROFIBUS. https://www.profibus.com/technology/profibus/. Accessed 3 Feb 2019
PROFIBUS and PROFINET International: PROFINET. https://www.profibus.com/technology/profinet/. Accessed 3 Feb 2019
Modbus Organisation: Modbus. http://www.modbus.org/. Accessed 3 Feb 2019
ENISA: Introduction to Network Forensics. https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material/documents/introduction-to-network-forensics-ex1-toolset.pdf. Accessed 20 Feb 2019
Rockwell Automation: Converged Plantwide Ethernet (CPwE) Design and Implementation Guide. https://literature.rockwellautomation.com/idc/groups/literature/documents/td/enet-td001_-en-p.pdf. Accessed 3 Feb 2019
International Electrotechnical Commission: IEC 62443-2-1:2010 Industrial communication networks - Network and system security - Part 2–1: Establishing an industrial automation and control system security program (2010)
Van Vliet, P., Kechadi, M.-T., Le-Khac, N.-A.: Forensics in industrial control system: a case study. https://arxiv.org/ftp/arxiv/papers/1611/1611.01754.pdf. Accessed 3 Feb 19
Williams, T.J.: The Purdue enterprise reference architecture: a technical guide for CIM planning and implementation. Instrument Society of America, Research Triangle Park, NC (1992)
Acknowledgements
This document was produced with the financial assistance of the European Union. The views expressed herein can in no way be taken to reflect the official opinion of the European Union.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Altschaffel, R., Hildebrandt, M., Kiltz, S., Dittmann, J. (2019). Digital Forensics in Industrial Control Systems. In: Romanovsky, A., Troubitsyna, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2019. Lecture Notes in Computer Science(), vol 11698. Springer, Cham. https://doi.org/10.1007/978-3-030-26601-1_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-26601-1_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-26600-4
Online ISBN: 978-3-030-26601-1
eBook Packages: Computer ScienceComputer Science (R0)