ICS Forensics tool

Presented at DEF CON 31 (2023), Aug. 12, 2023, 2 p.m. (115 minutes)

Microsoft ICS Forensics Tools is an open source forensic toolkit for analyzing Industrial PLC metadata and project files. Microsoft ICS Forensics Tools enables investigators to identify suspicious artifacts on ICS environment for detection of compromised devices during incident response or manual check. Microsoft ICS Forensics Tools is open source, which allows investigators to verify the actions of the tool or customize it to specific needs, currently support Siemens S7 via Snap7.

Presenters:

• Maayan Shaul
  Maayan Shaul is a Malware Analyst and Security Researcher in Section52 at Microsoft Defender for IoT (formerly CyberX). Experienced in the fields of malware analysis, reverse engineering and the IoT/OT landscape.
• Ori Perez
  Ori Perez is a Malware Analyst and Reverse Engineer with vast experience in dealing with Nation-sponsored cyber attacks as an ex-officer at the IDF's CERT. Ori is manager at Microsoft Defender for IoT research team (formerly CyberX) and research IoT/OT protocol research for IoT/OT tools .

Similar Presentations:

• BSidesDC 2014 / ICS Village
• Wild West Hackin' Fest 2019 / Architecting Secure ICS Environments
• ToorCon San Diego 20 (2018) / Anatomy of ICS Disruptive Attacks: Lessons learned from CRASHOVERRIDE and TRISIS