Data Provenance and Digital Forensics
Attacks targeting Industrial Control Systems (ICS) are a major threat, so there is a need to respond to and learn from previous and new attacks in order to mitigate them, and digital forensics plays a significant role in this process. This research theme focuses on understanding the challenges of developing and deploying digital forensics solutions in ICS and wider Operational Technology (OT) environments. For instance, we explore the specific data types stored on a programmable logic controller (PLC) and define a forensic artefact taxonomy based on the data that can be acquired from PLC memory using third-party tools.
Publications
- Marco, C., et al. "Introducing a Forensics Data Type Taxonomy of Acquirable Artefacts from Programmable Logic Controllers." IEEE: New York, NY, USA (2020).
- Cook, Marco, et al. "A survey on industrial control system digital forensics: challenges, advances and future directions." IEEE Communications Surveys & Tutorials (2023).