D4I - Digital Forensics Framework for Investigating Cyber Attacks in Industrie 4.0

Published

Author(s)

Athanasios Dimitriadis, Boonserm Kulvatunyou, Nenad Ivezic, Ioannis Mavridis

Abstract

Many companies have cited lack of cyber-security as the main barrier to Industrie 4.0 or digitalization. Security functions include protection, detection, response and investigation. Cyber-attack investigation is important because it can support the mitigation of damages and the maturing of future prevention approaches. Nowadays, the investigation of cyber-attacks has evolved more than ever, leveraging combinations of intelligent tools and digital forensics processes. Intelligent tools (such as YARA rules and Indicators of Compromise) are effective only when there is prior knowledge about the software and mechanisms used in the cyber-attack, i.e., they are not attack-agnostic. Therefore, the effectiveness of these intelligent tools is inversely proportional to the number of never-seen-before software and mechanisms utilized. Digital forensic processes, while not suffering from such an issue, lack the ability to provide in-depth support to a cyber-attack investigation. The reason is that the examination and analysis phases of these processes, where the actual investigation takes place, contain insufficient detail. This paper proposes a framework for digital forensics investigation of cyber-attacks called D4I (Digital FORensics framework for Investigation of cyber-attacks in Industrie 4.0 or digitalization), focusing on enhancing the examination and analysis phases. The framework introduces two key properties. First, it proposes a categorization of digital artifacts and their mapping to the generalized steps of attacks, the Cyber Kill Chain. Second, it provides detailed steps for the examination and analysis phases. As a result, D4I provides a step-by-step way to investigate cyber-attacks that is not only attack-agnostic but also provides sufficient detail for repeatable and effective investigation.
Citation
Array (Elsevier)

Keywords

Digital Forensics Framework, Artifacts Categorization and Mapping, Examination and Analysis, Digital Investigation, Smart Manufacturing, Digitalization, Industrie 4.0
Created December 26, 2019, Updated January 15, 2020