Developing a Digital Forensic Capability for Critical Infrastructures: An Investigation Framework
MetadataShow full metadata
Digital forensic science in critical infrastructures is a booming study area of research. It combines cybersecurity practices of industrial control systems in critical infrastructures, with the problems of big data quantities and diverse hardware and software systems. To defend critical infrastructures against cyber-attacks forensic capabilities are also required. Boosting the level of security for critical infrastructures, especially in control rooms for engineering workstations, requires big data architectures for data analytics. When correctly configured forensic capabilities allow the retention of data and information for post event investigation. The challenge is the complexity and the scope of such attempts to add protection to these systems, structures, and processes. With a fundamental lack of models and frameworks relevant to conducting digital forensic investigations in critical infrastructures research is required. Therefore, creating a cyber-forensic framework with a detailed guideline for protecting control systems is the focus for this research (see chapter six). It offers to improve the forensic capability for big data in critical infrastructures. The main objective of creating a cyber-forensic plan is to cover the essentials of monitoring, troubleshooting, data reconstruction, recovery, and the safety of classified information. Furthermore, when a cyber-crime occurs, cyber-forensics has the methods to gather, examine, and store data for admissible evidence. This research develops a new digital forensic model for critical infrastructures, a framework, and an integrated guideline for supporting digital forensic investigators. The research question is “What design is required for improving the accuracy of digital forensic capabilities in Critical Infrastructures?” The research methodology is Design Science Research methodology (DSR), which is employed to identify, build and improve the artefacts. DSR structures the design process so that the relevant parts can be brought together, tested and improved. The results can be communicated to the academic community through publications and to industry through the artefacts. Consequently, this research has identified the problems associated with the critical infrastructure control room context from literature, identified the gaps, and then designed solutions. Problems and gaps have been confirmed as “real”; so that the research can be relevant to industry. Digital forensics has multifaceted iv procedures and it requires sophisticated capabilities. The implication is that for a critical infrastructure – that carries convergence of many isolated areas - examination facts from each of the area will be required for improving the effectiveness, efficiency, and quality of investigations. Accordingly, a model was proposed from the literature analysis (Chapter 3) as the initial artefact, and to draft an effective framework for big data forensic investigations in critical infrastructures (Figure 3.19). The completed research adds key values to the academic knowledgebase in the area of digital forensics. The improved artefact, the Corrective Big Data Forensic Investigation Framework for Critical Infrastructures (Figure 6.17), is now available to help an investigator in an environment where more than one sub-field of digital forensics is present. The investigation test data was examined critically, and the expert feedback findings have been taken into consideration to improve the model and enhance the framework in order to produce an in-depth guideline. The Guideline can be upgraded as technology and systems change (Section 5.1).