Forensic analysis in an industrial automation environment

Forensic analysis in an industrial automation environment

Forensic analysis in an industrial automation environment 1000 528 Centro de Ciberseguridad Industrial

The range of potential incidents to which an industrial automation environment is exposed is vast. It is extremely important to know how to carry out a detailed forensic analysis that helps us to identify the type of incident, its origins and consequences to implement the best solution and avoid future replicas. A forensic analysis in industrial automation environments is the key tool to determine the criteria to be followed in the treatment of electronic evidence. What is a forensic analysis in an OT environment? What are the keys to carry it out? What training is necessary to perform and execute it?

What is forensic analysis in an industrial automation environment?

A forensic analysis is a detailed investigation to be conducted after receiving an incident and/or attack. An attack that has affected automation and control systems. The aim of the analysis is the detection and identification of the reasons for the attack, the culprits and the consequences. The analysis shall be performed after the threat has been detected and materialised. 

To properly undertake a forensic analysis in an industrial automation environment, work has to be done in stages. These phases are focused on identifying evidence, acquiring data and producing the actual report with results. The aim is to find out the causes, the perpetrators, the methodology used and to detect vulnerabilities in the systems that caused the attack. 

In its elaboration, it will be necessary to know the detailed standard guide of “good practices” in the forensic analysis of industrial automation and control systems. A theoretical-practical dossier that you can discover in the Forensic Analysis in an industrial automation environment workshop given by CCI in September 2022 – Online version. 

What does forensic analysis involve and how is it done in the OT environment?

In the environment we are focusing on, the industrial one, there is a wide variety of incidents with different implications and consequences. Each situation and occasion is considered unique, requiring a detailed and exclusive study, even when dealing with the same infrastructures. With specific equipment and the appropriate tools and training, the need for a detailed forensic analysis can be assessed.

This forensic analysis in industrial environments will help determine the criteria to be applied in the treatment of electronic evidence found in critical systems.

For the design of this type of forensic analysis, it is essential to know:

–           The typology of technological crimes in an industrial organisation, the evidence, its characteristics and, of course, its safekeeping.

–           The main techniques and tools that can be used in OT environment forensic analysis.

–           How to draw up a detailed and comprehensive expert report.

Forensic analysis training in OT

Professionals from all fields who wish to broaden their knowledge in this area will need the appropriate training to do so. At CCI, we offer a 6-hour theoretical-practical workshop in an online version focused on learning how to carry out a forensic analysis in an industrial automation and control environment.

Through the teacher’s tutorials and explanations during the two days of the workshop (19 and 20 September 2022), students will learn the keys and the methodology to successfully produce this type of report. 

They will participate in the workshop in a practical way by individually discovering and realising a real use case. They will have to implement the step-by-step learning process of a forensic investigation: gathering evidence, detecting errors, drafting their own report, etc. 

Students will also work with the tools needed to uncover the incident’s causes; practice forensic imaging and network traffic analysis; learn how to collect the information needed to document the case; and finally, discover best practices for designing and creating the expert report. 

A theoretical and practical workshop with a detailed programme updated to the current scenario for which no extraordinary requirements are necessary (it is advisable to have a basic knowledge of industrial environments such as automation and industrial communications).

        Industrial automation technologies and risk scenarios

        Presentation of use case

        Characteristics of forensic analysis

        Forensic analysis in OT systems

        Forensic analysis in industrial networks

        Forensics in IT/OT integration

        Practice of forensic analysis in a OT environment

        Presentation of Practice Results

The next edition of CCI’s Forensic Analysis in an Industrial Automation Environment workshop is already underway. It will take place on 19 and 20 September 2022 from 3 pm to 6 pm (Spanish time).

Registration are now opened, and places are limited.

Discover more information and registration: HERE