Development of a tailored methodology and forensic toolkit for industrial control systems incident response
Carr, Nicholas B.
MetadataShow full item record
This thesis presents a methodology for incident response to identify anomalies and malicious adversary persistence within the networks responsible for the reliable operation of modern society’s critical infrastructure. The chapters provide relevant background on the historical development and function of industrial control systems (ICS) and their unique security issues. The study of public technical data from intrusions into control systems produces a set of known adversary tactics for incorporation into the methodology. This work further documents the development of a repeatable technique to collect digital forensic artifacts from production control systems that is compatible with the strict operational constraints of these critical networks. The technique is then applied with a proof-of-concept host-and network-based toolkit for incident response that is tested against real-world data. The goal of the methodology and the supplementary toolkit is to elicit valuable, previously-unavailable findings with which to assess the scope of malicious intrusions into critical ICS networks.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Stenzoski, Jeffrey J. (Monterey, California. Naval Postgraduate School, 1992-09);This thesis investigates the extension of an X11 Windows-based application using the high-level Andrew Toolkit to permit direct knowledge base access via a graphical user interface (GUI), Programming with Andrew Toolkit ...
Turner, Mitchell K R (Monterey, California. Naval Postgraduate School, 1994-09);This thesis discusses the need for and design of a software toolkit to monitor Distributed Interactive Simulation (DIS) network performance. Plans to merge virtual environment and wargaming simulations into combined exercises ...
Effectiveness of United States–led economic sanctions as a counterproliferation tool against Iran’s nuclear weapons program Millwee, Joel S. (Monterey, California: Naval Postgraduate School, 2015-12);The use of financial interdiction to disrupt the development of weapons of mass destruction (WMD) and their components is an option in the so-called counterproliferation toolkit. The effectiveness of economic counterproliferation ...