Live forensic analysis on an ICS / SCADA

No Thumbnail Available
Kamlofsky, Jorge Alejandro
Romero, Raúl Oscar
Journal Title
Journal ISSN
Volume Title
Universidad FASTA. Facultad de Ingeniería
The production of goods on a large scale is carried out in industrial control systems (ICS according to its acronym in English). They consist of a network of industrial automata that control the equipment that executes the production processes. They are supervised in computer terminals called SCADA. ICS are very robust systems, designed for continuous operation, but they are not designed to be safe. Therefore, connect them to corporate networks and also to the Internet, leaving their vulnerabilities exposed. In the face of cybersecurity incidents, computer forensics is presented as a tool that allows the analysis of events, but the background on these systems is very scarce. In addition, since continuous operation is important in these systems, the analysis must be carried out without stopping their operation. This paper details the performance of a forensic analysis on these systems, through live acquisition and without stopping the system's operation. The results are promising.
forensics, Supervisory Control and Data Acquisition, SCADA, Live-forensic SCADA, forensic on ICS
Kamlofsky, J.;; Romero, R.O. (2022). Live forensic analysis on an ICS / SCADA. En:Conferencia Nacional de Informática Forense, 6. 29-30 sept 2022, Proceedings. Mar del Plata, Argentina. Mar del Plata : Universidad FASTA. p.:30-37