Universiti Teknologi Malaysia Institutional Repository

Digital forensics investigation procedures of smart grid environment

Mohd. Abdullah, Haris Iskandar and Ibrahim, Zul Azri and Abdul Rahim, Fiza and Fadzil, Hafizuddin Shahril and Sharul Nizam, Saiful Amin and Mustaffa, Muhammad Zulhusni (2022) Digital forensics investigation procedures of smart grid environment. International Journal of Computing and Digital Systems, 11 (1). pp. 1071-1082. ISSN 2210-142X


Official URL: http://dx.doi.org/10.12785/ijcds/110186

Abstract

Smart grids have been widely used around the world. The security of these systems is debated among researchers, because this area requires improvement to ensure that the grid is secured from cyberattacks. However, many malware families have been found attacking smart grid systems, such as Stuxnet, Flame, Triton, etc. Some of them are designed to avoid being tracked by a forensic investigator. The perpetrators use the fragility of digital evidence as an advantage to launch an attack on the smart grid without leaving traces. Technology development poses challenges to digital forensic procedures because the data volume is much higher. Thus, the digital forensic procedure needs to be redesigned, modified, and improved to capture traces and handle digital evidence. This paper aims to propose a digital forensic procedure to guide investigators in performing digital forensic investigations, especially in a smart grid environment. It discusses several suitable tools and techniques in digital forensic investigation to address these challenges. The study discusses two example cyberattacks, Distributed Denial of Service and False Data Injection, and simulates them on a testbed to guide forensic investigators based on the proposed digital forensic procedure. The paper presents an appropriate methodology and relevant forensic tools to ensure the evidence's integrity during collection and analysis as legal evidence in court.

Item Type: Article
Uncontrolled Keywords: cyber-physical system, dead digital forensic, forensic, framework, live digital forensic, network forensic, process
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science; T Technology > T Technology (General)
Divisions: Razak School of Engineering and Advanced Technology
ID Code: 98583
Deposited By: Yanti Mohd Shah
Deposited On: 21 Jan 2023 01:10
Last Modified: 21 Jan 2023 01:10
