{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,4]],"date-time":"2026-01-04T02:45:27Z","timestamp":1767494727573,"version":"3.40.3"},"publisher-location":"Cham","reference-count":18,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319992761"},{"type":"electronic","value":"9783319992778"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-99277-8_18","type":"book-chapter","created":{"date-parts":[[2018,8,30]],"date-time":"2018-08-30T01:58:12Z","timestamp":1535594292000},"page":"331-349","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["A Forensic Logging System for Siemens Programmable Logic Controllers"],"prefix":"10.1007","author":[{"given":"Ken","family":"Yau","sequence":"first","affiliation":[]},{"given":"Kam-Pui","family":"Chow","sequence":"additional","affiliation":[]},{"given":"Siu-Ming","family":"Yiu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,8,30]]},"reference":[{"key":"18_CR1","unstructured":"D. Beresford, Exploiting Siemens Simatic S7 PLCs, presented at Black Hat USA, 2011."},{"key":"18_CR2","doi-asserted-by":"crossref","unstructured":"R. Chan and K. Chow, Forensic analysis of a Siemens programmable logic controller, in Critical Infrastructure Protection X, M. Rice and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 117\u2013130, 2016.","DOI":"10.1007\/978-3-319-48737-3_7"},{"key":"18_CR3","doi-asserted-by":"crossref","unstructured":"T. Cruz, J. Barrigas, J. Proenca, A. Graziano, S. Panzieri, L. Lev and P. Simoes, Improving network security monitoring for industrial control systems, Proceedings of the IFIP\/IEEE International Symposium on Integrated Network Management, pp. 878\u2013881, 2015.","DOI":"10.1109\/INM.2015.7140399"},{"key":"18_CR4","unstructured":"European Union Agency for Network and Information Security, Critical Infrastructures and Services, Heraklion, Greece (enisa.europa.eu\/topics\/critical-information-infrastructures-and-services), 2017."},{"key":"18_CR5","unstructured":"T. Hergenhahn, libnodave (sourceforge.net\/projects\/libnodave), 2014."},{"key":"18_CR6","doi-asserted-by":"crossref","unstructured":"J. Klick, S. Lau, D. Marzin, J. Malchow and V. Roth, Internet-facing PLCs \u2013 A new back orifice, presented at Blackhat USA, 2015.","DOI":"10.1109\/CNS.2015.7346865"},{"key":"18_CR7","doi-asserted-by":"crossref","unstructured":"J. Malchow, D. Marzin, J. Klick, R. Kovacs and V. Roth, PLC Guard: A practical defense against attacks on cyber-physical systems, Proceedings of the IEEE Conference on Communications and Network Security, pp. 326\u2013334, 2015.","DOI":"10.1109\/CNS.2015.7346843"},{"key":"18_CR8","unstructured":"D. Nardella, Step 7 Open Source Ethernet Communications Suite, Bari, Italy (snap7.sourceforge.net), 2016."},{"key":"18_CR9","unstructured":"PLC-Logger Project, PLC-Logger and Analyzer (sourceforge.net\/projects\/plclogger), 2014."},{"key":"18_CR10","unstructured":"Siemens, SIMATIC S7-300 Programmable Controller Quick Start, Primer, Preface, C79000-G7076-C500-01, Nuremberg, Germany, 1996."},{"key":"18_CR11","unstructured":"Siemens, SIMATIC S7-200 Programmable Controller System Manual, 6ES7298-8FA01-8BH0, Edition 08\/2005, Nuremberg, Germany, 2005."},{"key":"18_CR12","doi-asserted-by":"crossref","unstructured":"T. Spyridopoulos, T. Tryfonas and J. May, Incident analysis and digital forensics of SCADA and industrial control systems, Proceedings of the Eighth IET International System Safety Conference Incorporating the Cyber Security Conference, 2013.","DOI":"10.1049\/cp.2013.1720"},{"key":"18_CR13","unstructured":"T. Wiens, S7 Communications (s7comm), Wireshark Wiki (wiki.wireshark.org\/S7comm), 2016."},{"key":"18_CR14","unstructured":"T. Wiens, S7comm Wireshark Dissector Plugin (sourceforge.net\/projects\/s7commwireshark), 2017."},{"key":"18_CR15","doi-asserted-by":"crossref","unstructured":"T. Wu and J. Nurse, Exploring the use of PLC debugging tools for digital forensic investigations of SCADA systems, Journal of Digital Forensics, Security and Law, vol. 10(4), pp. 79\u201396, 2015.","DOI":"10.15394\/jdfsl.2015.1213"},{"key":"18_CR16","doi-asserted-by":"crossref","unstructured":"K. Yau and K. Chow, PLC forensics based on control program logic change detection, Journal of Digital Forensics, Security and Law, vol. 10(4), pp. 59\u201368, 2015.","DOI":"10.15394\/jdfsl.2015.1211"},{"key":"18_CR17","doi-asserted-by":"crossref","unstructured":"K. Yau and K. Chow, Detecting anomalous programmable logic controller events using machine learning, in Advances in Digital Forensics XIII, G. Peterson and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 81\u201394, 2017.","DOI":"10.1007\/978-3-319-67208-3_5"},{"key":"18_CR18","doi-asserted-by":"crossref","unstructured":"K. Yau, K. Chow, S. Yiu and C. Chan, Detecting anomalous behavior of a PLC using semi-supervised machine learning, Proceedings of the IEEE Conference on Communications and Network Security, pp. 580\u2013585, 2017.","DOI":"10.1109\/CNS.2017.8228713"}],"container-title":["IFIP Advances in Information and Communication Technology","Advances in Digital Forensics XIV"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-99277-8_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,29]],"date-time":"2022-08-29T00:04:30Z","timestamp":1661731470000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-99277-8_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319992761","9783319992778"],"references-count":18,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-99277-8_18","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"30 August 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DigitalForensics","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on Digital Forensics","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"New Delhi","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 January 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 January 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"digitalforensics2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.ifip119.org\/Conferences\/WG11-9-CFP-2018.pdf","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}