Abstract
Major control systems such as ICS/SCADA are currently being used in the key infrastructures of our society, notably in the energy, transportation, and healthcare sectors. The PLC, which is located in the lowest layer of the control system, is directly connected to diverse field devices including sensors and actuators. In the event of a cyber-attack on the PLC, the potential ripple effects, such as a collapse of the national infrastructure, could be very large, making a high level of cyber safety essential. Therefore, it is necessary to apply digital forensic technology to the PLC to respond to cyber-attacks against the control system. However, conventional methods of directly investigating the PLC, such as network and memory forensics, have practical difficulties as they could compromise the availability of the control system. As such, this paper proposes a method of detecting and restoring logic data when the logic data are changed as a result of a cyber-attack, by using the digital forensic technology developed for the Engineering Workstation (EWS), which has been used to develop, manage and set the control system program logic.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Forensic Science International: Digital Investigation
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
