DID YOU KNOW? DTIC has over 3.5 million final reports on DoD funded research, development, test, and evaluation activities available to our registered users. Click
HERE to register or log in.
Accession Number:
ADA606880
Title:
Development of a Tailored Methodology and Forensic Toolkit for Industrial Control Systems Incident Response
Descriptive Note:
Master's thesis
Corporate Author:
NAVAL POSTGRADUATE SCHOOL MONTEREY CA
Report Date:
2014-06-01
Pagination or Media Count:
99.0
Abstract:
This thesis presents a methodology for incident response to identify anomalies and malicious adversary persistence within the networks responsible for the reliable operation of modern society s critical infrastructure. The chapters provide relevant background on the historical development and function of industrial control systems ICS and their unique security issues. The study of public technical data from intrusions into control systems produces a set of known adversary tactics for incorporation into the methodology. This work further documents the development of a repeatable technique to collect digital forensic artifacts from production control systems that is compatible with the strict operational constraints of these critical networks. The technique is then applied with a proof-of-concept hostand network-based toolkit for incident response that is tested against real-world data. The goal of the methodology and the supplementary toolkit is to elicit valuable, previously-unavailable findings with which to assess the scope of malicious intrusions into critical ICS networks.
Distribution Statement:
APPROVED FOR PUBLIC RELEASE