SCADA forensic tools open source. What are they What they doSo.pdf
- 1. SCADA forensic tools open source. What are they? What they do? Solution SCADA stands for Supervisory Control and Data Acquisition. This technology is used to mainly ensure the operations and functionality of the control systems used in many industries. It is a software application program which is used to gathering of the data in real time from remote locations so as to control the equipment and conditions in such device environments. SCADA is mainly used in Transportation, Telecommunications, power plants, Gas refining industries and as well in water and waste control by government agencies too. they include software and hardware components, which gather and inputs the data into a computer machine and processes it. It also records all the log events into a file and stores in the local hardisk/server. These SCADA Systems/applications also warn when conditions become hazardous by sounding alarams. As these systems are operated in huge network environments there is a very high possibility of attacks. In recent years there has been an increasing number of attacks directly targeting these systems including the well published networks. Therefore , there is a need to have forensic analysis of these systems to determine, if breah has occured and the extent to which the system is compromised and also the details of how the functional operations and assets are affected. Apart from normal threats there are many cyber threats against SCADA systmes with sophisticated malware attacks, SQL Injection, cross-site scripting, and the buffer overflow attacks being the most common type of vulnerability. Digital forensic is an important part of an incident response strategy in an IT forensic investigation following an incident and will provide an effective response in a forensic manner. Investigative Steps: 1 Examination: Deals with the identitfy of potential sources of evidence, including the systems, the network and connected devices. 2 Identification: identify the types of systems to be investigated, which includes OS, serail numbers and model types of the PLC's, the network design and the implementation. 3 Collection: Collect the potential evidence from the memory systems that are suspected to be part of the SCADA system which is being investigated.
- 2. 4 Documentation: It is very critcial to keep accurate documentation of the investigation to ensure chain of custody. Records need to be kept of the evidence. The existing tools for SCADA Systems are: