Digital Forensics and ICS: Why and how?

As we respond to attacks on connected industries, control systems, and computer systems, we have learned the value of digital forensics. The art of identifying an attack, collecting traces and recovering compromised data is an essential part of the cleanup process and evidence collection. A well-performed forensic investigation also gives insights into how products can be improved, and how similar attacks can be detected more efficiently in the future.

The increased complexity of attacks, more creative obfuscation of malware, and highly motivated threat actors put increasing demands on security researchers and require us to refine our forensic methods. We want to enable the potential of digitalization of our society while remaining robust with respect to cyber threats. According to the Swedish National Council for Crime Prevention, IT-related crimes grew almost tenfold in Sweden between 2006 and 2015, and the UK National Crime Agency and Strategic Cyber Industry Group reported in 2016 that cybercrime accounts for 53% of all reported crime in the UK. Ransomware attacks, for instance, can lead to costly outages or disrupt critical functions in society.

Digital forensics is a key area in which we have to be at the forefront. As a consequence, a new initiative based in Linköping, Sweden, has been formed to facilitate new developments in this area. Called the Digital Forensics Competence Center (DFCC), it aims to focus efforts across industry, academia and governmental agencies toward better and more robust digital forensics. In addition to Sectra Communications, partners that make up the DFCC include two departments at Linköping University, the Swedish National Forensic Centre (NFC), the Research Institutes of Sweden (RISE), Halmstad University, Ericsson, Saab, plus many others.

In my talk I will discuss why cooperation between the public, academic, and private sectors is key in building a connected society that is resilient against attacks on connected infrastructure. I will discuss the role of the DFCC and how it will benefit the ICS community. Next, what current trends in digital forensics can we identify? Specifically, how can improved forensic techniques be used to prevent and detect attacks on connected industries?

Target audience

Industry professionals who want to learn more about forensics.

The audience should expect to learn about new methods that can be applied in forensics. No special prerequisites should be needed.

Key takeaway

Cooperation between public, private and academic sectors! Digital forensics is beneficial for the ICS community.
