Forensics in Industrial Control System: A Case Study
This addresses forensic acquisition challenges in critical infrastructure like nuclear power plants, but it appears incremental as it builds on existing forensic concepts applied to ICS.
The paper tackles the lack of forensic methods for Industrial Control Systems (ICS) by presenting a case study that describes a method for safeguarding volatile artefacts from embedded systems and other sources, but it does not provide concrete results or numbers.
Industrial Control Systems (ICS) are used worldwide in critical infrastructures. An ICS system can be a single embedded system working stand-alone for controlling a simple process or ICS can also be a very complex Distributed Control System (DCS) connected to Supervisory Control And Data Acquisition (SCADA) system(s) in a nuclear power plant. Although ICS are widely used to-day, there are very little research on the forensic acquisition and analyze ICS artefacts. In this paper we present a case study of forensics in ICS where we de-scribe a method of safeguarding important volatile artefacts from an embedded industrial control system and several other sources