A Forensic Logging System for Siemens Programmable Logic Controllers - Advances in Digital Forensics XIV
Conference Papers Year : 2018

A Forensic Logging System for Siemens Programmable Logic Controllers

Kam-Pui Chow

Abstract

Critical infrastructure assets are monitored and managed by industrial control systems. In recent years, these systems have evolved to adopt common networking standards that expose them to cyber attacks. Since programmable logic controllers are core components of industrial control systems, forensic examinations of these devices are vital during responses to security incidents. However, programmable logic controller forensics is a challenging task because of the lack of effective logging systems. This chapter describes the design and implementation of a novel programmable logic controller logging system. Several tools are available for generating programmable logic controller audit logs; these tools monitor and record the values of programmable logic controller memory variables for diagnostic purposes. However, the logged information is inadequate for forensic investigations. To address this limitation, the logging system extracts data from Siemens S7 communications protocol traffic for forensic purposes. The extracted data is saved in an audit log file in an easy-to-read format that enables a forensic investigator to efficiently examine the activity of a programmable logic controller.
Main file
472401_1_En_18_Chapter.pdf (2.43 MB)
Origin: Files produced by the author(s)

Dates and versions

hal-01988850 , version 1 (22-01-2019)

Cite

Ken Yau, Kam-Pui Chow, Siu-Ming Yiu. A Forensic Logging System for Siemens Programmable Logic Controllers. 14th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2018, New Delhi, India. pp.331-349, ⟨10.1007/978-3-319-99277-8_18⟩. ⟨hal-01988850⟩