http://dx.doi.org/10.13089/JKIISC.2019.29.6.1351

Research Trends of SCADA Digital Forensics and Future Research Proposal  

Shin, Jiho (Korean National Police University)
Seo, Jungtaek (SoonChunHyang University)
Abstract
When SCADA is exposed to cyber threats and attacks, serious disasters can occur throughout society. This is because various security threats were not considered when SCADA systems were built. The bigger problem is that it is difficult to patch vulnerabilities quickly because of its availability requirements. Digital forensics procedures and techniques need to be used to analyze and investigate vulnerabilities in SCADA systems in order to respond quickly to cyber threats and to prevent incidents. This paper addresses the SCADA forensics taxonomy and research trends for effective digital forensics investigation of SCADA systems. As a result, we were not able to find any research on procedures and methodologies that goes far beyond traditional digital forensics. However, it is meaningful to develop an approach methodology using the characteristics of the SCADA system, or an exclusive tool for SCADA. Analysis techniques mainly focused on PLCs and SCADA network protocols, because the cyber threats and attacks targeting SCADA are mostly related to PLCs or network protocols. Such research seems likely to continue in the future. Unfortunately, past research lacks discussion of 'Evidence Capability', such as the preservation or integrity of the evidence extracted from SCADA systems.
Keywords
SCADA; ICS; Digital Forensics; SCADA Forensics; Research Trends;