Accession Number : ADA606880


Title :   Development of a Tailored Methodology and Forensic Toolkit for Industrial Control Systems Incident Response


Descriptive Note : Master's thesis


Corporate Author : NAVAL POSTGRADUATE SCHOOL MONTEREY CA


Personal Author(s) : Carr, Nicholas B


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a606880.pdf


Report Date : Jun 2014


Pagination or Media Count : 99


Abstract : This thesis presents a methodology for incident response to identify anomalies and malicious adversary persistence within the networks responsible for the reliable operation of modern society s critical infrastructure. The chapters provide relevant background on the historical development and function of industrial control systems (ICS) and their unique security issues. The study of public technical data from intrusions into control systems produces a set of known adversary tactics for incorporation into the methodology. This work further documents the development of a repeatable technique to collect digital forensic artifacts from production control systems that is compatible with the strict operational constraints of these critical networks. The technique is then applied with a proof-of-concept hostand network-based toolkit for incident response that is tested against real-world data. The goal of the methodology and the supplementary toolkit is to elicit valuable, previously-unavailable findings with which to assess the scope of malicious intrusions into critical ICS networks.


Descriptors :   *FORENSIC ANALYSIS , *INDUSTRIES , PRODUCTION CONTROL , SOCIETIES , TOOL KITS


Subject Categories : Mfg & Industrial Eng & Control of Product Sys


Distribution Statement : APPROVED FOR PUBLIC RELEASE