Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT)

Published

June 22, 2022

Author(s)

Eran Salfati, Michael Pease

Abstract

This document provides a new Incident Handling framework dedicated to Operational Technology. This framework expands the traditional technical steps by giving an Incident Response procedure based on the event escalation and provides techniques for OT Digital Forensics. It includes an overview with general terms explanation and a list of unique properties of OT DFIR, the preparation that should be done to establish an OT Incident Response Team, and finally, the suggested OT Incident Handling framework in detail.

Citation

NIST Interagency/Internal Report (NISTIR) – 8428

Report Number

8428

NIST Pub Series

NIST Interagency/Internal Report (NISTIR)

Pub Type

NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.IR.8428

Keywords

Active Defense, Digital Forensics, Incident Handling, Incident Response, Industrial Control Systems, Operational Technology

Information technology, Forensic Science, Digital evidence, Cybersecurity and Cyber-physical systems

Citation:
Salfati, E. and Pease, M. (2022), Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT), NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8428, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934922 (Accessed August 5, 2023)
