Forensic analysis of SCADA systems and networks

Authors:
T. Kilpatrick;J. Gonzalez;R. Chandia;M. Papa;S. Shenoi
Affiliations:
The University of Tulsa, Tulsa, Oklahoma 74104, USA.;The University of Tulsa, Tulsa, Oklahoma 74104, USA.;The University of Tulsa, Tulsa, Oklahoma 74104, USA.;The University of Tulsa, Tulsa, Oklahoma 74104, USA.;The University of Tulsa, Tulsa, Oklahoma 74104, USA
Venue:
International Journal of Security and Networks
Year:
2008

Citing 2
Cited 4

Supervisory Control and Data Acquisition

Supervisory Control and Data Acquisition
Incident Response & Computer Forensics, 2nd Ed.

Incident Response & Computer Forensics, 2nd Ed.

IEEE 802.11 user fingerprinting and its applications for intrusion detection

Computers & Mathematics with Applications
Wireless telemedicine and m-health: technologies, applications and research issues

International Journal of Sensor Networks
A survey of security visualization for computer network logs

Security and Communication Networks
A survey of cyber crimes

Security and Communication Networks

Quantified Score

Hi-index	0.01

Visualization

Abstract

Supervisory Control and Data Acquisition (SCADA) systems are commonly used to automate and control industrial processes. Modern SCADA protocols leverage TCP/IP to transport sensor data and control signals. Also, corporate IT infrastructures now interconnect with previously isolated SCADA networks, raising serious security issues. This paper describes an architecture that supports the forensic analysis of SCADA systems and networks. The architecture is implemented in a prototype networked environment using the popular Modbus TCP protocol. In addition to supporting forensic investigations, the architecture incorporates mechanisms for monitoring process behaviour and analysing trends that can help improve plant performance.