{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T23:22:10Z","timestamp":1771975330369,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,12,4]],"date-time":"2018-12-04T00:00:00Z","timestamp":1543881600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,12,4]]},"DOI":"10.1145\/3295453.3295454","type":"proceedings-article","created":{"date-parts":[[2019,1,4]],"date-time":"2019-01-04T13:33:56Z","timestamp":1546608836000},"page":"1-8","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":22,"title":["Tools, Techniques, and Methodologies"],"prefix":"10.1145","author":[{"given":"Rima Asmar","family":"Awad","sequence":"first","affiliation":[{"name":"Oak Ridge National Lab, Tennessee Tech University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Saeed","family":"Beztchi","sequence":"additional","affiliation":[{"name":"University of Tennessee, Knoxville, Oak Ridge National Lab"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jared M.","family":"Smith","sequence":"additional","affiliation":[{"name":"Oak Ridge National Lab, University of Tennessee, Knoxville"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bryan","family":"Lyles","sequence":"additional","affiliation":[{"name":"Oak Ridge National Lab"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stacy","family":"Prowell","sequence":"additional","affiliation":[{"name":"Oak Ridge National Lab"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2018,12,4]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Cybersecurity Study, and Data Mining","author":"Adhikari U","year":"2017","unstructured":"U Adhikari , T Morris , and S Pan Grid . 2017. WAMS Cyber-Physical Test Bed for Power System , Cybersecurity Study, and Data Mining . IEEE Transactions on Smart Grid ( 2017 ). U Adhikari, T Morris, and S Pan Grid. 2017. WAMS Cyber-Physical Test Bed for Power System, Cybersecurity Study, and Data Mining. IEEE Transactions on Smart Grid (2017)."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2012.325"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2017.4251102"},{"key":"e_1_3_2_1_4_1","volume-title":"The International Conference on Information Security and Cyber Forensics","author":"Betts Molly","year":"2016","unstructured":"Molly Betts , Joseph Stirland , Funminiyi Olajide , Kevin Jones , and Helge Janicke . 2016 . Developing a state of the art methodology & toolkit for ICS SCADA forensics . The International Conference on Information Security and Cyber Forensics (2016). Molly Betts, Joseph Stirland, Funminiyi Olajide, Kevin Jones, and Helge Janicke. 2016. Developing a state of the art methodology & toolkit for ICS SCADA forensics. The International Conference on Information Security and Cyber Forensics (2016)."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.01.003"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2009.04.012"},{"key":"e_1_3_2_1_7_1","volume-title":"Enhancing the Security and Forensic Capabilities of Programmable Logic Controllers. IFIP Int. Conf. Digital Forensics 532","author":"Chan Chun-Fai","year":"2018","unstructured":"Chun-Fai Chan , Kam-Pui Chow , Siu-Ming Yiu , and Ken Yau . 2018 . Enhancing the Security and Forensic Capabilities of Programmable Logic Controllers. IFIP Int. Conf. Digital Forensics 532 , Chapter 19 (2018), 351--367. Chun-Fai Chan, Kam-Pui Chow, Siu-Ming Yiu, and Ken Yau. 2018. Enhancing the Security and Forensic Capabilities of Programmable Logic Controllers. IFIP Int. Conf. Digital Forensics 532, Chapter 19 (2018), 351--367."},{"key":"e_1_3_2_1_8_1","first-page":"117","article-title":"Forensic Analysis of a Siemens Programmable Logic Controller","volume":"7","author":"Chan Raymond","year":"2016","unstructured":"Raymond Chan and Kam-Pui Chow . 2016 . Forensic Analysis of a Siemens Programmable Logic Controller . CrWuitical Infrastructure Protection 485, Chapter 7 (2016), 117 -- 130 . Raymond Chan and Kam-Pui Chow. 2016. Forensic Analysis of a Siemens Programmable Logic Controller. CrWuitical Infrastructure Protection 485, Chapter 7 (2016), 117--130.","journal-title":"CrWuitical Infrastructure Protection 485, Chapter"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-75462-8_9"},{"key":"e_1_3_2_1_10_1","volume-title":"Stuxnet - What Has Changed? Future Internet","author":"Denning Dorothy E","year":"2012","unstructured":"Dorothy E Denning . 2012. Stuxnet - What Has Changed? Future Internet ( 2012 ). Dorothy E Denning. 2012. Stuxnet - What Has Changed? Future Internet (2012)."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2017.06.005"},{"key":"e_1_3_2_1_12_1","volume-title":"DEFCON Conference","author":"Devarajan G","year":"2007","unstructured":"G Devarajan . 2007 . Unraveling SCADA protocols: Using sulley fuzzer . DEFCON Conference (2007). G Devarajan. 2007. Unraveling SCADA protocols: Using sulley fuzzer. DEFCON Conference (2007)."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.14236\/ewic\/ICS2016.16"},{"key":"e_1_3_2_1_14_1","volume-title":"Cybersecurity for Industry 4.0","author":"Eden Peter","unstructured":"Peter Eden , Andrew Blyth , Kevin Jones , Hugh Soulsby , Pete Burnap , Yulia Cherdantseva , and Kristan Stoddart . 2017. SCADA System Forensic Analysis Within IIoT . In Cybersecurity for Industry 4.0 . Springer , Cham , 73--101. Peter Eden, Andrew Blyth, Kevin Jones, Hugh Soulsby, Pete Burnap, Yulia Cherdantseva, and Kristan Stoddart. 2017. SCADA System Forensic Analysis Within IIoT. In Cybersecurity for Industry 4.0. Springer, Cham, 73--101."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.14236\/ewic\/ICS2015.5"},{"key":"e_1_3_2_1_16_1","volume-title":"Khan Muhammad, and Arun Kumar Sangaiah.","author":"Elhoseny Mohamed","year":"2017","unstructured":"Mohamed Elhoseny , Abbas Hosny , Aboul Ella Hassanien , Khan Muhammad, and Arun Kumar Sangaiah. 2017 . Secure Automated Forensic Investigation for Sustainable Critical Infrastructures Compliant with Green Computing Requirements. IEEE Transactions on Sustainable Computing ( 2017), 1--1. Mohamed Elhoseny, Abbas Hosny, Aboul Ella Hassanien, Khan Muhammad, and Arun Kumar Sangaiah. 2017. Secure Automated Forensic Investigation for Sustainable Critical Infrastructures Compliant with Green Computing Requirements. IEEE Transactions on Sustainable Computing (2017), 1--1."},{"key":"e_1_3_2_1_17_1","unstructured":"FireEye. 2018. RedLine. https:\/\/www.fireeye.com\/services\/freeware\/redline.html  FireEye. 2018. RedLine. https:\/\/www.fireeye.com\/services\/freeware\/redline.html"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCICSS.2016.7882610"},{"key":"e_1_3_2_1_19_1","unstructured":"Google. 2018. Rekall Forensics. http:\/\/rekall-forensic.com  Google. 2018. Rekall Forensics. http:\/\/rekall-forensic.com"},{"key":"e_1_3_2_1_20_1","first-page":"592","article-title":"Memory Carving in Embedded Devices - Separate the Wheat from the Chaff","volume":"9696","author":"Gougeon Thomas","year":"2016","unstructured":"Thomas Gougeon , Morgan Barbier , Patrick Lacharme , Gildas Avoine , and Christophe Rosenberger . 2016 . Memory Carving in Embedded Devices - Separate the Wheat from the Chaff . ACNS 9696 , 3 (2016), 592 -- 608 . Thomas Gougeon, Morgan Barbier, Patrick Lacharme, Gildas Avoine, and Christophe Rosenberger. 2016. Memory Carving in Embedded Devices - Separate the Wheat from the Chaff. ACNS 9696, 3 (2016), 592--608.","journal-title":"ACNS"},{"key":"e_1_3_2_1_21_1","volume-title":"Exploratory studies into forensic logs for criminal investigation using case studies in industrial control systems in the power sector. BigData","author":"Iqbal Asif","year":"2017","unstructured":"Asif Iqbal , Mathias Ekstedt , and Hanan Alobaidli . 2017. Exploratory studies into forensic logs for criminal investigation using case studies in industrial control systems in the power sector. BigData ( 2017 ), 3657--3661. Asif Iqbal, Mathias Ekstedt, and Hanan Alobaidli. 2017. Exploratory studies into forensic logs for criminal investigation using case studies in industrial control systems in the power sector. BigData (2017), 3657--3661."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2899015.2899016"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2016.03.005"},{"key":"e_1_3_2_1_24_1","volume-title":"Advances in Digital Forensics II","author":"Kilpatrick Tim","unstructured":"Tim Kilpatrick , Jesus Gonzalez , Rodrigo Chandia , Mauricio Papa , and Sujeet Shenoi . 2006. An Architecture for SCADA Network Forensics . In Advances in Digital Forensics II . Springer New York , Boston, MA , 273--285. Tim Kilpatrick, Jesus Gonzalez, Rodrigo Chandia, Mauricio Papa, and Sujeet Shenoi. 2006. An Architecture for SCADA Network Forensics. In Advances in Digital Forensics II. Springer New York, Boston, MA, 273--285."},{"key":"e_1_3_2_1_25_1","volume-title":"Accurate Modeling of The Siemens S7 SCADA Protocol For Intrusion Detection And Digital Forensic. JDFSL","author":"Kleinmann Amit","year":"2014","unstructured":"Amit Kleinmann and Avishai Wool . 2014. Accurate Modeling of The Siemens S7 SCADA Protocol For Intrusion Detection And Digital Forensic. JDFSL ( 2014 ). Amit Kleinmann and Avishai Wool. 2014. Accurate Modeling of The Siemens S7 SCADA Protocol For Intrusion Detection And Digital Forensic. JDFSL (2014)."},{"key":"e_1_3_2_1_26_1","volume-title":"The Art of Memory Forensics","author":"Hale Michael","unstructured":"Ligh, Michael Hale , Case, Andrew, Levy, Jamie, and Walters, Aaron. 2014. The Art of Memory Forensics . John Wiley & Sons . Ligh, Michael Hale, Case, Andrew, Levy, Jamie, and Walters, Aaron. 2014. The Art of Memory Forensics. John Wiley & Sons."},{"key":"e_1_3_2_1_27_1","unstructured":"Marie-Helen Maras and Others. 2015. Computer Forensics. Jones and Bartlett Learning.  Marie-Helen Maras and Others. 2015. Computer Forensics. Jones and Bartlett Learning."},{"key":"e_1_3_2_1_28_1","first-page":"59","article-title":"A Firmware Verification Tool for Programmable Logic Controllers","volume":"5","author":"McMinn Lucille","year":"2012","unstructured":"Lucille McMinn and Jonathan Butts . 2012 . A Firmware Verification Tool for Programmable Logic Controllers . Critical Infrastructure Protection 390, Chapter 5 (2012), 59 -- 69 . Lucille McMinn and Jonathan Butts. 2012. A Firmware Verification Tool for Programmable Logic Controllers. Critical Infrastructure Protection 390, Chapter 5 (2012), 59--69.","journal-title":"Critical Infrastructure Protection 390, Chapter"},{"key":"e_1_3_2_1_29_1","unstructured":"Sandeep Mittal. 2015. The Issues in Cyber-Defence and Cyber-Forensics of the SCADA Systems. (2015).  Sandeep Mittal. 2015. The Issues in Cyber-Defence and Cyber-Forensics of the SCADA Systems. (2015)."},{"key":"e_1_3_2_1_30_1","unstructured":"Bill Nelson Amelia Phillips and Christopher Steuart. 2014. Guide to Computer Forensics and Investigations. Cengage Learning.  Bill Nelson Amelia Phillips and Christopher Steuart. 2014. Guide to Computer Forensics and Investigations. Cengage Learning."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5220\/0005510001780185"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2017.06.012"},{"key":"e_1_3_2_1_33_1","first-page":"77","article-title":"The Development of a Generic Framework for the Forensic Analysis of SCADA and Process Control Systems. e-Forensics 8","volume":"9","author":"Slay Jill","year":"2009","unstructured":"Jill Slay and Elena Sitnikova . 2009 . The Development of a Generic Framework for the Forensic Analysis of SCADA and Process Control Systems. e-Forensics 8 , Chapter 9 (2009), 77 -- 82 . Jill Slay and Elena Sitnikova. 2009. The Development of a Generic Framework for the Forensic Analysis of SCADA and Process Control Systems. e-Forensics 8, Chapter 9 (2009), 77--82.","journal-title":"Chapter"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3138854"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCKE.2017.8167885"},{"key":"e_1_3_2_1_36_1","unstructured":"Joe Stirland Kevin Jones Helge Janicke and Tina Wu. 2014. Developing Cyber Forensics for SCADA Industrial Control Systems. (2014) 98--111.  Joe Stirland Kevin Jones Helge Janicke and Tina Wu. 2014. Developing Cyber Forensics for SCADA Industrial Control Systems. (2014) 98--111."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2015.01.010"},{"key":"e_1_3_2_1_38_1","volume-title":"Prevent or Evaluate Critical Situations. European Scientific Journal, ESJ 9, 21","author":"Taveras Pedro N.","year":"2013","unstructured":"Pedro N. Taveras . 2013. Scada Live Forensics: Real Time Data Acquisition Process to Detect , Prevent or Evaluate Critical Situations. European Scientific Journal, ESJ 9, 21 ( 2013 ). Pedro N. Taveras. 2013. Scada Live Forensics: Real Time Data Acquisition Process to Detect, Prevent or Evaluate Critical Situations. European Scientific Journal, ESJ 9, 21 (2013)."},{"key":"e_1_3_2_1_39_1","volume-title":"Wiper Malware Threat Analysis. Secureworks","author":"Intelligence Team Dell Threat","year":"2013","unstructured":"Dell Threat Intelligence Team . 2013. Wiper Malware Threat Analysis. Secureworks ( 2013 ). https:\/\/www.secureworks.com\/research\/wiper-malware-analysis-attacking-korean-financial-sector Dell Threat Intelligence Team. 2013. Wiper Malware Threat Analysis. Secureworks (2013). https:\/\/www.secureworks.com\/research\/wiper-malware-analysis-attacking-korean-financial-sector"},{"key":"e_1_3_2_1_40_1","unstructured":"The Volatility Foundation. 2018. Volatility Foundation. https:\/\/www.volatilityfoundation.org  The Volatility Foundation. 2018. Volatility Foundation. https:\/\/www.volatilityfoundation.org"},{"key":"e_1_3_2_1_41_1","volume-title":"Snort IDS for SCADA Networks. Security and Management","author":"Valli Craig","year":"2009","unstructured":"Craig Valli . 2009. Snort IDS for SCADA Networks. Security and Management ( 2009 ). Craig Valli. 2009. Snort IDS for SCADA Networks. Security and Management (2009)."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2014.06.007"},{"key":"e_1_3_2_1_43_1","volume-title":"Forensics in Industrial Control System: A Case Study. arXiv.org","author":"Vliet Pieter Van","year":"2016","unstructured":"Pieter Van Vliet , M-T Kechadi , and Nhien-An Le-Khac . 2016. Forensics in Industrial Control System: A Case Study. arXiv.org ( 2016 ). arXiv:cs.CR\/1611.01754v1 Pieter Van Vliet, M-T Kechadi, and Nhien-An Le-Khac. 2016. Forensics in Industrial Control System: A Case Study. arXiv.org (2016). arXiv:cs.CR\/1611.01754v1"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897795.2897819"},{"key":"e_1_3_2_1_45_1","volume-title":"K Jones, A Campos Proceedings of the 1st, and","author":"Wu T","year":"2013","unstructured":"T Wu , JFP Disso , K Jones, A Campos Proceedings of the 1st, and 2013 . {n. d.}. Towards a SCADA forensics architecture. ewic.bcs.org ({n. d.}). T Wu, JFP Disso, K Jones, A Campos Proceedings of the 1st, and 2013. {n. d.}. Towards a SCADA forensics architecture. ewic.bcs.org ({n. d.})."},{"key":"e_1_3_2_1_46_1","volume-title":"PLC Forensics Based on Control Program Logic Change Detection. JDFSL","author":"Yau Ken","year":"2015","unstructured":"Ken Yau and Kam-Pui Chow . 2015. PLC Forensics Based on Control Program Logic Change Detection. JDFSL ( 2015 ). Ken Yau and Kam-Pui Chow. 2015. PLC Forensics Based on Control Program Logic Change Detection. JDFSL (2015)."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-99277-8_18"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"crossref","unstructured":"Ken Yau Kam-Pui Chow Siu-Ming Yiu and Chun-Fai Chan. 2017. Detecting anomalous behavior of PLC using semi-supervised machine learning. CNS(2017) 580--585.  Ken Yau Kam-Pui Chow Siu-Ming Yiu and Chun-Fai Chan. 2017. Detecting anomalous behavior of PLC using semi-supervised machine learning. CNS(2017) 580--585.","DOI":"10.1109\/CNS.2017.8228713"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/NCIA.2013.6725320"}],"event":{"name":"ICSS '18: 4th Annual Industrial Control System Security Workshop","location":"San Juan PR USA","acronym":"ICSS '18","sponsor":["ACSA Applied Computing Security Assoc"]},"container-title":["Proceedings of the 4th Annual Industrial Control System Security Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3295453.3295454","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3295453.3295454","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:02:13Z","timestamp":1750208533000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3295453.3295454"}},"subtitle":["A Survey of Digital Forensics for SCADA Systems"],"short-title":[],"issued":{"date-parts":[[2018,12,4]]},"references-count":49,"alternative-id":["10.1145\/3295453.3295454","10.1145\/3295453"],"URL":"https:\/\/doi.org\/10.1145\/3295453.3295454","relation":{},"subject":[],"published":{"date-parts":[[2018,12,4]]},"assertion":[{"value":"2018-12-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}