Development of a tailored methodology and forensic toolkit for industrial control systems incident response
Carr, Nicholas B.
This thesis presents a methodology for incident response to identify anomalies and malicious adversary persistence within the networks responsible for the reliable operation of modern society’s critical infrastructure. The chapters provide relevant background on the historical development and function of industrial control systems (ICS) and their unique security issues. The study of public technical data from intrusions into control systems produces a set of known adversary tactics for incorporation into the methodology. This work further documents the development of a repeatable technique to collect digital forensic artifacts from production control systems that is compatible with the strict operational constraints of these critical networks. The technique is then applied with a proof-of-concept host- and network-based toolkit for incident response that is tested against real-world data. The goal of the methodology and the supplementary toolkit is to elicit valuable, previously unavailable findings with which to assess the scope of malicious intrusions into critical ICS networks.
Approved for public release; distribution is unlimited