Title: An approach towards development of a supervisory control and data acquisition system forensics framework: concerns and challenges
Authors: Ramya Shah; Digvijaysinh Rathod
Addresses: School of Cyber Security and Digital Forensics, National Forensic Sciences University, Gandhinagar, Gujarat, India; School of Cyber Security and Digital Forensics, National Forensic Sciences University, Gandhinagar, Gujarat, India
Abstract: In the highly competitive technology market, supervisory control and data acquisition/industrial control systems (SCADA/ICS) have seen rapid growth. They are also at the heart of operational technology (OT), which is used in businesses and processing facilities to monitor and control crucial processes in varied sectors such as energy, railways and many more. However, in the event of a security incident (such as a system failure, security breach, man-in-the-middle attack or denial-of-service attack), it is critical to comprehend the digital forensics implications of such incidents, the procedures or protocols that must be followed during an investigation, the tools and techniques that an investigator should use, and where and how forensic data can be collected. It is crucial that forensic investigations start right away after a security incident due to the rising threat of sophisticated attacks on key infrastructures. An examination of current SCADA forensic research and numerous forensic investigation methods is presented in this work. The limitations of employing conventional forensic investigative methods and the difficulties faced by forensic investigators are also covered. The shortcomings of current research into offering forensic capacity for SCADA systems are also thoroughly reviewed.
Keywords: SCADA forensics; ICS forensics; OT; digital forensics.
DOI: 10.1504/IJESDF.2025.143474
International Journal of Electronic Security and Digital Forensics, 2025 Vol.17 No.1/2, pp.30 - 44
Received: 24 Dec 2022
Accepted: 05 Jun 2023
Published online: 23 Dec 2024