{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,4]],"date-time":"2025-04-04T09:26:13Z","timestamp":1743758773238},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319736969"},{"type":"electronic","value":"9783319736976"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-73697-6_9","type":"book-chapter","created":{"date-parts":[[2018,1,4]],"date-time":"2018-01-04T21:53:43Z","timestamp":1515102823000},"page":"117-129","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Digital Forensic Readiness in Critical Infrastructures: A Case of Substation Automation in the Power Sector"],"prefix":"10.1007","author":[{"given":"Asif","family":"Iqbal","sequence":"first","affiliation":[]},{"given":"Mathias","family":"Ekstedt","sequence":"additional","affiliation":[]},{"given":"Hanan","family":"Alobaidli","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,1,6]]},"reference":[{"key":"9_CR1","unstructured":"U.S. General Accounting Office: Cyber security guidance is available, but more can be done to promote its use (2011). http:\/\/www.gao.gov\/assets\/590\/587529.pdf"},{"key":"9_CR2","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1016\/j.ijcip.2014.12.002","volume":"8","author":"C Alcaraz","year":"2015","unstructured":"Alcaraz, C., Zeadally, S.: Critical infrastructure protection: requirements and challenges for the 21st century. Int. J. Crit. Infrastruct. Prot. 8, 53\u201366 (2015)","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"9_CR3","unstructured":"U.S. Department of Homeland Security: What is critical infrastructure? (2016). https:\/\/www.dhs.gov\/what-criticalinfrastructure"},{"key":"9_CR4","unstructured":"Critical infrastructure sectors (2016). https:\/\/www.dhs.gov\/critical-infrastructure-sectors"},{"key":"9_CR5","unstructured":"KTH Royal Institute of Technology (2013). Viking: https:\/\/www.kth.se\/en\/ees\/omskolan\/organisation\/avdelningar\/ics\/research\/cc\/proj\/v\/viking-1.407871"},{"key":"9_CR6","unstructured":"Trend Micro Incorporated: Report on cybersecurity and critical infrastructure in the americas (2015). http:\/\/www.trendmicro.com\/cloudcontent\/us\/pdfs\/securityintelligence\/reports\/critical-infrastructures-west-hemisphere.pdf"},{"key":"9_CR7","unstructured":"SANS ICS: Analysis of the cyber attack on the Ukrainian power grid (2016). https:\/\/ics.sans.org\/media\/E-ISAC_SANS_Ukraine_DUC_5.pdf"},{"issue":"3","key":"9_CR8","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1109\/MSP.2011.67","volume":"9","author":"R Langner","year":"2011","unstructured":"Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49\u201351 (2011)","journal-title":"IEEE Secur. Priv."},{"key":"9_CR9","unstructured":"CESG National Technical Authority for Information Assurance: Good practice guide: Forensic readiness (2015). https:\/\/www.cesg.gov.uk\/content\/files\/guidancefiles\/Forensic%20Readiness%20(Good%20Practice%20Guide%2018)1.2.pdf"},{"key":"9_CR10","unstructured":"Ammann, R.: Network forensic readiness: a bottom-up approach for IPv6 networks. Ph.D. dissertation, Auckland University of Technology (2012)"},{"key":"9_CR11","unstructured":"Sule, D.: Importance of forensic readiness (2014). http:\/\/www.isaca.org\/Journal\/archives\/2014\/Volume-1\/Pages\/JOnline-Importance-of-Forensic-Readiness.aspx"},{"key":"9_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/978-3-319-33331-1_3","volume-title":"Critical Information Infrastructures Security","author":"P Eden","year":"2016","unstructured":"Eden, P., Blyth, A., Burnap, P., Cherdantseva, Y., Jones, K., Soulsby, H., Stoddart, K.: A cyber forensic taxonomy for SCADA systems in critical infrastructure. In: Rome, E., Theocharidou, M., Wolthusen, S. (eds.) CRITIS 2015. LNCS, vol. 9578, pp. 27\u201339. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-33331-1_3"},{"issue":"7","key":"9_CR13","doi-asserted-by":"publisher","first-page":"e3","DOI":"10.4108\/eai.21-4-2016.151158","volume":"3","author":"A Cook","year":"2016","unstructured":"Cook, A., Nicholson, A., Janicke, H., Maglaras, L.A., Smith, R.: Attribution of cyber attacks on industrial control systems. EAI Endorsed Trans. Indust. Netw. Intellig. Syst. 3(7), e3 (2016). https:\/\/doi.org\/10.4108\/eai.21-4-2016.151158","journal-title":"EAI Endorsed Trans. Indust. Netw. Intellig. Syst."},{"issue":"3","key":"9_CR14","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1016\/j.diin.2014.06.007","volume":"11","author":"RM Knijff van der","year":"2014","unstructured":"van der Knijff, R.M.: Control systems\/SCADA forensics, what\u2019s the difference? Digit. Invest. 11(3), 160\u2013174 (2014). https:\/\/doi.org\/10.1016\/j.diin.2014.06.007 . ISSN 1742-2876","journal-title":"Digit. Invest."},{"key":"9_CR15","unstructured":"Etalle, S., Gregory, C., Bolzoni, D., Zambon, E.: Self-configuring deep protocol network whitelisting. Security Matters (2013). http:\/\/www.secmatters.com\/sites\/www.secmatters.com\/files\/documents\/whitepaper_ics_EU.Pdf"},{"key":"9_CR16","unstructured":"Pauna, A., May, J., Tryfonas, T.: Can we learn from SCADA security incidents? \u2013 ENISA, 09 October 2013. https:\/\/www.enisa.europa.eu\/publications\/can-we-learn-from-scada-security-incidents"},{"issue":"12","key":"9_CR17","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1109\/mc.2012.325","volume":"45","author":"I Ahmed","year":"2012","unstructured":"Ahmed, I., Obermeier, S., Naedele, M., Richard III, G.G.: SCADA systems: challenges for forensic investigators. Computer 45(12), 44\u201351 (2012). https:\/\/doi.org\/10.1109\/mc.2012.325","journal-title":"Computer"},{"key":"9_CR18","doi-asserted-by":"crossref","unstructured":"Wu, T., Pagna Disso, J.F., Jones, K., Campos, A.: Towards a SCADA forensics architecture. In: Proceedings of the 1st International Symposium for ICS & SCADA Cyber Security Research, pp. 12\u201321 (2013)","DOI":"10.14236\/ewic\/ICSCSR2013.2"},{"key":"9_CR19","unstructured":"Fabro, M., Cornelius, E.: Recommended practice: creating cyber forensics plans for control systems. DHS Control Systems Security Program (2008). https:\/\/ics-cert.us-cert.gov\/sites\/default\/files\/recommended_practices\/Forensics_RP.pdf . Accessed 15 May 2017"},{"key":"9_CR20","unstructured":"Iqbal, A.: [Extended Abstract] Digital Forensic Readiness in Critical Infrastructures: Exploring substation automation in the power sector. Stockholm (2017). http:\/\/urn.kb.se\/resolve?urn=urn:nbn:se:kth:diva-209689"},{"key":"9_CR21","series-title":"IFIP Advances in Information and Communication","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/0-387-36891-4_22","volume-title":"Advances in Digital Forensics II","author":"T Kilpatrick","year":"2006","unstructured":"Kilpatrick, T., Gonzalez, J., Chandia, R., Papa, M., Shenoi, S.: An architecture for SCADA network forensics. In: Olivier, M.S., Shenoi, S. (eds.) DigitalForensics 2006. IAIC, vol. 222, pp. 273\u2013285. Springer, Boston, MA (2006). https:\/\/doi.org\/10.1007\/0-387-36891-4_22"},{"key":"9_CR22","unstructured":"Valli, C.: SCADA forensics with Snort IDS. In: Proceedings of the 2009 International Conference Security and Management (SAM 2009), pp. 618\u2013621. CSREA Press (2009)"},{"key":"9_CR23","doi-asserted-by":"crossref","unstructured":"Sohl, E., Fielding, C., Hanlon, T., Rrushi, J., Farhangi, H., Howey, C., Carmichael, K., Dabell, J.: A field study of digital forensics of intrusions in the electrical power grid. In: Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and\/or PrivaCy (CPS-SPC 2015), pp. 113\u2013122. ACM, New York (2015)","DOI":"10.1145\/2808705.2808716"},{"key":"9_CR24","unstructured":"CVE Details, Security Vulnerabilities, Promotic. https:\/\/www.cvedetails.com\/vulnerability-list\/vendor_id-649\/product_id-22225\/Microsys-Promotic.html"},{"key":"9_CR25","doi-asserted-by":"crossref","unstructured":"Hunt, R., Slay, J.: Achieving critical infrastructure protection through the interaction of computer security and network forensics. In: 2010 Eighth Annual International Conference on Privacy Security and Trust (PST), pp. 23\u201330. IEEE (2010)","DOI":"10.1109\/PST.2010.5593243"},{"key":"9_CR26","doi-asserted-by":"crossref","DOI":"10.5643\/9781606503027","volume-title":"Robust Control System Networks: How to Achieve Reliable Control after Stuxnet","author":"R Langner","year":"2011","unstructured":"Langner, R.: Robust Control System Networks: How to Achieve Reliable Control after Stuxnet. Momentum Press, New York (2011)"},{"key":"9_CR27","unstructured":"IEEE C37.118.1-2011: IEEE Standard for Synchrophasor Measurement for Power Systems"},{"key":"9_CR28","unstructured":"NASPI Technical Report: Time Synchronization in the Electric Power System, USA, March 2017. https:\/\/www.naspi.org\/sites\/default\/files\/reference_documents\/tstf_electric_power_system_report_pnnl_26331_march_2017_0.pdf"},{"key":"9_CR29","unstructured":"IEEE Standard for Synchrophasor Data Transfer for Power Systems. In: IEEE Std C37.118.2-2011 (Revision of IEEE Std C37.118-2005), pp. 1\u201353, 28 December 2011"},{"key":"9_CR30","doi-asserted-by":"crossref","unstructured":"Beasley, C., Zhong, X., Deng, J., Brooks, R., Venayagamoorthy, G.K.: A survey of electric power synchrophasor network cyber security. In: IEEE PES Innovative Smart Grid Technologies, Europe, Istanbul, pp. 1\u20135 (2014)","DOI":"10.1109\/ISGTEurope.2014.7028738"},{"key":"9_CR31","doi-asserted-by":"crossref","unstructured":"Almas, M.S., Vanfretti, L.: Impact of time-synchronization signal loss on PMU-based WAMPAC applications. In: 2016 IEEE Power and Energy Society General Meeting (PESGM), Boston, MA, pp. 1\u20135 (2016)","DOI":"10.1109\/PESGM.2016.7741313"},{"issue":"99","key":"9_CR32","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/TSG.2017.2665461","volume":"8","author":"MS Almas","year":"2017","unstructured":"Almas, M.S., Vanfretti, L., Singh, R.S., Jonsdottir, G.M.: Vulnerability of synchrophasor-based WAMPAC applications\u2019 to time synchronization spoofing. IEEE Trans. Smart Grid 8(99), 1 (2017)","journal-title":"IEEE Trans. Smart Grid"},{"key":"9_CR33","unstructured":"SEL: Protection Relays by Schweitzer Engineering Laboratories. https:\/\/selinc.com\/products\/421\/"},{"key":"9_CR34","unstructured":"SEL-5030 acSELerator QuickSet Software. https:\/\/selinc.com\/products\/5030\/"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Digital Forensics and Cyber Crime"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-73697-6_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,10,25]],"date-time":"2020-10-25T03:12:45Z","timestamp":1603595565000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-73697-6_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319736969","9783319736976"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-73697-6_9","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2018]]}}}