Asee peer logo

Forensic Analysis of SCADA/ICS System with Security and Vulnerability Assessment

Download Paper |


2018 ASEE Annual Conference & Exposition


Salt Lake City, Utah

Publication Date

June 23, 2018

Start Date

June 23, 2018

End Date

July 27, 2018

Conference Session

Topics in Computing and Information Technology-I

Tagged Division

Computing and Information Technology

Page Count




Permanent URL

Download Count


Request a correction

Paper Authors


Umit Karabiyik Sam Houston State University Orcid 16x16

visit author page

Umit Karabiyik is an Assistant Professor in the Department of Computer Science at Sam Houston University, in Huntsville, TX. Dr. Karabiyik completed his Ph.D. and M.S. degrees at Florida State University in 2015 and 2010 respectively. His research interests mainly lie in the area of Digital Forensics and Cybersecurity ranging from developing tools for forensic investigations to creating new models for forensic data analysis in various environments. He also has broad research interests in Expert Systems, Knowledge Representation, Encrypted File Analysis, Computer and Network Security. Dr. Karabiyik is the creator of open source digital forensics tool called Automated Disk Investigation Toolkit (AUDIT). Dr. Karabiyik is a recipient of NIJ Grant on Targeted Data Extraction from Mobile Devices. One of his recent work has received the “Best Paper Award” at the IEEE 4th International Symposium on Digital Forensic and Security (ISDF). In addition, Dr. Karabiyik is leading the Mobile Forensics and SCADA Forensics Labs at SHSU.

visit author page

author page

Naciye Celebi


Faruk Yildiz Sam Houston State University

visit author page

Faruk Yildiz is currently an Associate Professor of
Engineering Technology at Sam Houston State University.
His primary teaching areas are in Electronics,
Computer Aided Design (CAD), and Alternative Energy Systems. Research interests include: low power energy
harvesting systems, renewable energy technologies
and education.

visit author page

author page

James Holekamp Sam Houston State University Orcid 16x16

author page

Khaled Rabieh Sam Houston State University

Download Paper |


Supervisory Control and Data Acquisition/Industrial Control Systems (SCADA/ICS) have achieved rapid growth within the competitive technology market. As a result, it has encountered serious security problems. Hence, security methods are needed to secure ICS from targeted attacks. The information security vulnerabilities of ICS have been studied extensively, and the vulnerable nature of these systems is well-known. However, in the case of a security incident (e.g. system failure, security breach, or denial of service attack), it is important to understand what the digital forensics consequences of such incidents are, what procedures or protocols are needed to be used during an investigation, what tools and techniques are appropriate to be used by an investigator, and where the forensic data can be collected from and how. Taking into these questions consideration, there is a serious gap in the literature as forensic attack analysis is commonly guided by experience and by intuition rather than by a systematic or scientific process. Therefore, in this study, we aim to close this gap by developing fairly complex SCADA/ICS laboratory at Sam Houston State University. During the course of our studies, several students (graduate and undergraduate) worked under the supervision of faculty members to understand the forensic aspects of real world attacks on SCADA hardware as well as the network used by the system. This new laboratory is intended to be used for Computer Science, Digital and Cyber Forensic Engineering Technology, and Engineering Technology programs at our university. With the availability of this laboratory we have a realistic SCADA/ICS system which can be used to study real-life experiments such as penetration assessment and testing, vulnerability assessment and testing, and the SCADA forensics research. In addition to aforementioned research activities, the laboratory will also serve to develop and support both undergraduate and graduate level computer science courses as well as undergraduate engineering technology courses. In this paper we will discuss the digital forensics and security challenges in SCADA/ICS, system infrastructure, forensic attack scenarios and results, student and faculty involvement in this research, laboratory related future course development objectives, student assessments, and the industry support.

Karabiyik, U., & Celebi, N., & Yildiz, F., & Holekamp, J., & Rabieh, K. (2018, June), Forensic Analysis of SCADA/ICS System with Security and Vulnerability Assessment Paper presented at 2018 ASEE Annual Conference & Exposition , Salt Lake City, Utah. 10.18260/1-2--30530

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2018 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015