Abstract: Critical infrastructure assets are monitored and managed by industrial control systems. In recent years, these systems have evolved to adopt common networking standards that expose them to cyber attacks. Since programmable logic controllers are core components of industrial control systems, forensic examinations of these devices are vital during responses to security incidents. However, programmable logic controller forensics is a challenging task because of the lack of effective logging systems. This chapter describes the design and implementation of a novel programmable logic controller logging system. Several tools are available for generating programmable logic controller audit logs; these tools monitor and record the values of programmable logic controller memory variables for diagnostic purposes. However, the logged information is inadequate for forensic investigations. To address this limitation, the logging system extracts data from Siemens S7 communications protocol traffic for forensic purposes. The extracted data is saved in an audit log file in an easy-to-read format that enables a forensic investigator to efficiently examine the activity of a programmable logic controller.
https://hal.inria.fr/hal-01988850
Contributor: Hal Ifip
Submitted on: Tuesday, January 22, 2019 - 9:44:56 AM
Last modification on: Thursday, February 7, 2019 - 3:40:58 PM
Long-term archiving on: Tuesday, April 23, 2019 - 2:01:00 PM
Ken Yau, Kam-Pui Chow, Siu-Ming Yiu. A Forensic Logging System for Siemens Programmable Logic Controllers. 14th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2018, New Delhi, India. pp.331-349, ⟨10.1007/978-3-319-99277-8_18⟩. ⟨hal-01988850⟩