OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Tools, Techniques, and Methodologies: A Survey of Digital Forensics for SCADA Systems

Abstract

Security aspects of SCADA environments and the systems within are increasingly a center of interest to researchers and security professionals. As the rise of sophisticated and nation-state malware targeting such systems flourishes, traditional digital forensics tools struggle to transfer the same capabilities to systems lacking typical volatile memory primitives, monitoring software, and the compatible operating-system primitives necessary for conducting forensic investigations. Even worse, SCADA systems are typically not designed and implemented with security in mind, nor were they purpose-built to monitor and record system data at the granularity associated with traditional IT systems. Rather, these systems are often built to control field devices and drive industrial processes. More succinctly, SCADA systems were not designed with a primary goal of interacting with the digital world. Consequently, forensic investigators well-versed in the world of digital forensics and incident response face an array of challenges that prevent them from conducting effective forensic investigations in environments with vast amounts of critical infrastructure. In order to bring SCADA systems within the reach of the armies of digital forensics professionals and tooling already available, both researchers and practitioners need a guide to the current state-of-the-art techniques, a road-map to the challenges lying on the path forward, and insight into the future directions R&D must move towards. To that end, this paper presents a survey into the literature on digital forensics applied to SCADA systems. We cover not only the challenges to applying digital forensics to SCADA, like most other reviews, but also the range of proposed frameworks, methodologies, and actual implementations in the literature.

Authors:
Awad, Rima L. [1]; Beztchi, Saeed A. [1]; Smith, Jared M. [1]; Lyles, Joseph B. [1]; Prowell, Stacy J. [1]
  1. ORNL
Publication Date:
December 2018
Research Org.:
Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1493135
DOE Contract Number:
AC05-00OR22725
Resource Type:
Conference
Resource Relation:
Conference: Annual Computer Security Applications Conference, San Juan, Puerto Rico, United States of America, December 3-7, 2018
Country of Publication:
United States
Language:
English

Citation Formats

Awad, Rima L., Beztchi, Saeed A., Smith, Jared M., Lyles, Joseph B., and Prowell, Stacy J. Tools, Techniques, and Methodologies: A Survey of Digital Forensics for SCADA Systems. United States: N. p., 2018. Web. doi:10.1145/3295453.3295454.
Awad, Rima L., Beztchi, Saeed A., Smith, Jared M., Lyles, Joseph B., & Prowell, Stacy J. Tools, Techniques, and Methodologies: A Survey of Digital Forensics for SCADA Systems. United States. doi:10.1145/3295453.3295454.
Awad, Rima L., Beztchi, Saeed A., Smith, Jared M., Lyles, Joseph B., and Prowell, Stacy J. "Tools, Techniques, and Methodologies: A Survey of Digital Forensics for SCADA Systems". United States. doi:10.1145/3295453.3295454. https://www.osti.gov/servlets/purl/1493135.
@inproceedings{osti_1493135,
title = {Tools, Techniques, and Methodologies: A Survey of Digital Forensics for SCADA Systems},
author = {Awad, Rima L. and Beztchi, Saeed A. and Smith, Jared M. and Lyles, Joseph B. and Prowell, Stacy J.},
abstractNote = {Security aspects of SCADA environments and the systems within are increasingly a center of interest to researchers and security professionals. As the rise of sophisticated and nation-state malware targeting such systems flourishes, traditional digital forensics tools struggle to transfer the same capabilities to systems lacking typical volatile memory primitives, monitoring software, and the compatible operating-system primitives necessary for conducting forensic investigations. Even worse, SCADA systems are typically not designed and implemented with security in mind, nor were they purpose-built to monitor and record system data at the granularity associated with traditional IT systems. Rather, these systems are often built to control field devices and drive industrial processes. More succinctly, SCADA systems were not designed with a primary goal of interacting with the digital world. Consequently, forensics investigators well-versed in the world of digital forensics and incident response face an array of challenges that prevent them from conducting effective forensic investigation in environments with vast amounts of critical infrastructure. In order to bring SCADA systems within the reach of the armies of digital forensics professionals and tooling already available, both researchers and practitioners need a guide to the current state-of-the-art techniques, a road-map to the challenges lying on the path forward, and insight into the future directions R&D must move towards. To that end, this paper presents a survey into the literature on digital forensics applied to SCADA systems. We cover not only the challenges to applying digital forensics to SCADA like most other reviews, but also the range of proposed frameworks, methodologies, and actual implementations in literature.},
booktitle = {Annual Computer Security Applications Conference},
address = {San Juan, Puerto Rico, United States of America},
doi = {10.1145/3295453.3295454},
url = {https://www.osti.gov/servlets/purl/1493135},
place = {United States},
year = {2018},
month = {12}
}

Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.
