Forensic analysis can help maintain the security of process control systems: identifying the root cause of a system compromise or failure is useful for mitigating current and future threats. However, forensic analysis of control systems is complicated by three factors. First, live analysis must not impact the performance and functionality of a control system. Second, the analysis should be performed remotely as control systems are typically positioned in widely dispersed locations. Third, forensic techniques and tools must accommodate proprietary or specialized control system hardware, software, applications and protocols. This paper explores the use of a popular digital forensic tool, EnCase Enterprise, for conducting remote forensic examinations of process control systems. Test results in a laboratory-scale environment demonstrate the feasibility of conducting remote forensic analyses on live control systems.
Keywords: Process control systems, digital forensics, live forensics, EnCase
© 2008 IFIP International Federation for Information Processing
Cite this paper
Cassidy, R.F., Chavez, A., Trent, J., Urrea, J. (2008). Remote Forensic Analysis of Process Control Systems. In: Goetz, E., Shenoi, S. (eds) Critical Infrastructure Protection. ICCIP 2007. IFIP International Federation for Information Processing, vol 253. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-75462-8_16
DOI: https://doi.org/10.1007/978-0-387-75462-8_16
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-75461-1
Online ISBN: 978-0-387-75462-8
eBook Packages: Computer Science (R0)