| HAL-Inria | Publications, software ... of Inria's scientists |
Conference papers
A Forensic Logging System for Siemens Programmable Logic Controllers
Abstract : Critical infrastructure assets are monitored and managed by industrial control systems. In recent years, these systems have evolved to adopt common networking standards that expose them to cyber attacks. Since programmable logic controllers are core components of industrial control systems, forensic examinations of these devices are vital during responses to security incidents. However, programmable logic controller forensics is a challenging task because of the lack of effective logging systems.This chapter describes the design and implementation of a novel programmable logic controller logging system. Several tools are available for generating programmable logic controller audit logs; these tools monitor and record the values of programmable logic controller memory variables for diagnostic purposes. However, the logged information is inadequate for forensic investigations. To address this limitation, the logging system extracts data from Siemens S7 communications protocol traffic for forensic purposes. The extracted data is saved in an audit log file in an easy-to-read format that enables a forensic investigator to efficiently examine the activity of a programmable logic controller.
Cited literature [18 references]
https://hal.inria.fr/hal-01988850
Contributor : Hal Ifip <>
Submitted on : Tuesday, January 22, 2019 - 9:44:56 AM
Last modification on : Thursday, February 7, 2019 - 3:40:58 PM
Long-term archiving on: : Tuesday, April 23, 2019 - 2:01:00 PM
Contributor : Hal Ifip <>
Submitted on : Tuesday, January 22, 2019 - 9:44:56 AM
Last modification on : Thursday, February 7, 2019 - 3:40:58 PM
Long-term archiving on: : Tuesday, April 23, 2019 - 2:01:00 PM
File
472401_1_En_18_Chapter.pdf
Files produced by the author(s)
Licence
Distributed under a Creative Commons Attribution 4.0 International License