Forensic Readiness for SCADA/ICS Incident Response

Peter Eden, Andrew Blyth, Pete Burnap, Yulia Cherdantseva, Kevin Jones, Hugh Soulsby, Kristan Stoddart

    Allbwn ymchwil: Pennod mewn Llyfr/Adroddiad/Trafodion CynhadleddCyfraniad i gynhadleddadolygiad gan gymheiriaid


    The actions carried out following any cyber-attack are vital in limiting damage, regaining control and determining the cause and those responsible. Within SCADA and ICS environments there is certainly no exception. Critical National Infrastructure (CNI) relies heavily on SCADA systems to monitor and control critical processes. Many of these systems span huge geographical areas and contain thousands of individual devices, across an array of asset types. When an incident occurs, those assets contain forensic artefacts, which can be thought of as any data that provides explanation to the current state of the SCADA system.
    Knowing what devices exist within the network and the tools and methods to retrieve data from them are some of the biggest challenges for incident response within CNI. This paper aims to identify those assets and their forensic value whilst providing the tools needed to perform data acquisition in a forensically sound
    manner. It will also discuss the key stages in which the incident response process can be managed.
    Iaith wreiddiolSaesneg
    TeitlProceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016
    Man cyhoeddiSwindon, UK
    CyhoeddwrBCS Learning Development Ltd.
    Nifer y tudalennau9
    ISBN (Argraffiad)978-1-78017-3573
    Dynodwyr Gwrthrych Digidol (DOIs)
    StatwsCyhoeddwyd - Awst 2016
    Digwyddiad4th International Symposium for ICS & SCADA Cyber Security Research 2016 - Queen's University Belfast , Belfast, Y Deyrnas Unedig
    Hyd: 23 Awst 201625 Awst 2016
    Rhif y gynhadledd: 4th

    Cyfres gyhoeddiadau

    EnwICS-CSR '16
    CyhoeddwrBCS Learning Development Ltd.


    Cynhadledd4th International Symposium for ICS & SCADA Cyber Security Research 2016
    Teitl crynoICS-CSR 2016
    Gwlad/TiriogaethY Deyrnas Unedig

    Ôl bys

    Gweld gwybodaeth am bynciau ymchwil 'Forensic Readiness for SCADA/ICS Incident Response'. Gyda’i gilydd, maen nhw’n ffurfio ôl bys unigryw.

    Dyfynnu hyn