Cyber Forensic Tool Kit for Machinery Control

For machinery control systems, forensics is a vital part to provide a cyber-protection strategy and aid in identification and troubleshooting of system malfunctions due to malicious and non-malicious events. A number of unique challenges exist for the forensic analysis of SCADA based systems. Components of a SCADA system are often resource constrained. In addition, SCADA based systems have a critical requirement of being continuously operational. The resource constrained nature of SCADA systems and the 24/7 availability requirement calls for live forensic solutions where the data acquisition and analysis are performed at run time. Despite such emerging demands, there are still no comprehensive software design and implementation to systemically address live forensic issues on a SCADA system in a way to minimize risk to the systems services. To address this critical need, IAI and its team propose to develop Digital Forensic Took Kit for Machinery Control Systems (TRACE), a live digital forensics took kit that, at run time, provide a cyber-protection strategy and aid in identification of malfunctions while ensuring minimal impact on overall system performance. The key innovation is to deploy