ICS Forensics Tools: open source forensic toolkit for analyzing Industrial PLC metadata and project files
Microsoft Section52 ICS Forensics Tools
Microsoft Section52 Industrial Control Systems Forensics Tools is an open source forensic toolkit for analyzing industrial PLC metadata and project files. It lets investigators identify suspicious artifacts in an ICS environment so that compromised devices can be detected during incident response or a manual check. Because the toolkit is open source, investigators can verify what the tool actually does or customize it to their own needs. It currently supports Siemens S7 PLCs via Snap7.
SUPPORTED SCENARIOS
- OB usage
- Block author
- Offline – Online comparison
- Call Graphs
- Timestamps outliers
- Network usage
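The scenarios above are forensic checks over block metadata rather than anything PLC-specific, so the following added example shows toy versions of four of them (block author uniqueness, timestamp outliers, offline-online comparison and OB usage via a call graph) run over constructed block records. This is not code from the ICS Forensics Tools project and does not talk to a PLC or parse real S7/MC7 block formats; the `Block` fields, the `CALL` syntax in the constructed bodies and the 30-day outlier threshold are assumptions made for illustration.

```python
"""Added example (not part of the ICS Forensics Tools project).

Toy versions of block-author, timestamp-outlier, offline/online comparison and
OB-usage checks over constructed PLC block metadata. Field names, block bodies
and thresholds are assumptions for illustration only.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib


@dataclass(frozen=True)
class Block:
    name: str           # block identifier, e.g. "OB1", "FC10" (assumed field)
    author: str         # author string from the block header (assumed field)
    modified: datetime  # last-modified timestamp (assumed field)
    code: bytes         # block body; real S7 blocks hold MC7 bytes, here a constructed string


# Constructed sample: the "offline" engineering project as commissioned ...
BASE = datetime(2022, 3, 14, 9, 0)
OFFLINE = [
    Block("OB1",  "plc_eng", BASE,                         b"CALL FC10; CALL FC11"),
    Block("FC10", "plc_eng", BASE + timedelta(minutes=5),  b"L MW10; T MW12"),
    Block("FC11", "plc_eng", BASE + timedelta(minutes=9),  b"L MW20; T MW22"),
    Block("OB35", "plc_eng", BASE + timedelta(minutes=12), b"CALL FC11"),
]
# ... and the "online" copy uploaded from the PLC, where FC10 was changed long after
# commissioning by an unknown author and a new block FC99 appeared (constructed).
ONLINE = [
    OFFLINE[0],
    Block("FC10", "zz_tmp", BASE + timedelta(days=400),            b"L MW10; T MW12; CALL FC99"),
    OFFLINE[2],
    OFFLINE[3],
    Block("FC99", "zz_tmp", BASE + timedelta(days=400, minutes=2), b"T QW0"),
]


def minority_authors(blocks):
    """Block author check: every author other than the dominant one, with the
    blocks they signed. A single engineering team normally yields one author."""
    counts = Counter(b.author for b in blocks)
    dominant = counts.most_common(1)[0][0]
    result = {}
    for b in blocks:
        if b.author != dominant:
            result.setdefault(b.author, []).append(b.name)
    return result


def timestamp_outliers(blocks, max_gap=timedelta(days=30)):
    """Timestamp outlier check: blocks modified more than `max_gap` (assumed
    threshold) away from the project's median modification time."""
    times = sorted(b.modified for b in blocks)
    median_time = times[len(times) // 2]
    return sorted(b.name for b in blocks if abs(b.modified - median_time) > max_gap)


def compare_online_offline(offline, online):
    """Offline-online comparison: hash every block body and report blocks that
    exist only on the PLC, only in the project, or differ between the two."""
    def digests(blocks):
        return {b.name: hashlib.sha256(b.code).hexdigest() for b in blocks}
    off, on = digests(offline), digests(online)
    return {
        "added":   sorted(on.keys() - off.keys()),
        "removed": sorted(off.keys() - on.keys()),
        "changed": sorted(n for n in on.keys() & off.keys() if on[n] != off[n]),
    }


def call_graph(blocks):
    """Call graph: map each block to the blocks it CALLs. The statement syntax
    parsed here ("CALL FCnn" separated by ';') is an assumption of this example."""
    graph = {}
    for b in blocks:
        callees = []
        for stmt in b.code.decode().split(";"):
            parts = stmt.split()
            if len(parts) == 2 and parts[0] == "CALL":
                callees.append(parts[1])
        graph[b.name] = callees
    return graph


def reachable_from_obs(graph):
    """OB usage: blocks reachable from any organization block (name starts with
    'OB'). Blocks not in this set are never executed by the cyclic/interrupt OBs."""
    seen, stack = set(), [n for n in graph if n.startswith("OB")]
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        stack.extend(graph.get(node, []))
    return sorted(seen)


if __name__ == "__main__":
    print("minority authors (online):", minority_authors(ONLINE))
    print("timestamp outliers (online):", timestamp_outliers(ONLINE))
    print("offline vs online:", compare_online_offline(OFFLINE, ONLINE))
    print("reachable from OBs (online):", reachable_from_obs(call_graph(ONLINE)))
```

Run on the constructed data, the author check and the timestamp check independently point at the same two blocks (FC10 and FC99), and the hash comparison shows FC10 changed and FC99 added relative to the engineering project. In a real investigation each of these findings on its own is only a lead; the value of running several checks is that an attacker who forges one attribute (say, the author string) rarely forges all of them consistently.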
Install
git clone https://github.com/microsoft/ics-forensics-tools.git
cd ics-forensics-tools
pip install -r requirements.txt
Use
Output:
Depending on the model you choose to investigate, the data presented per model includes:
- Upload of the project from the PLC and parsing status
- Author block names and uniqueness
- Timestamp outlier anomalies
- Network logic
- Call graph: program-connection-based execution graph
- OB metadata
- Online <-> Offline block comparison
Copyright (c) Microsoft Corporation.
Source: https://github.com/microsoft/