DFRWS 2023 Challenge on Industrial Control System Forensics
“The Troubled Elevator: Forensic Investigation of a Bank’s Elevator Malfunctioning”
The DFRWS 2023 challenge takes a deep dive into the domain of Industrial Control Systems (ICS), specifically focusing on programmable logic controllers (PLC). These systems are increasingly critical for monitoring and controlling industrial processes in various sectors, such as energy, water, transportation, and manufacturing. Despite their importance, advancements in security and forensics have not been adequate. This challenge aims to provide deeper insights into ICS network traffic analysis and device memory in a real-world scenario.
The scenario for this challenge, “The Troubled Elevator,” involves investigating a mysterious incident in a bank’s executive-only elevator. Participants with different technical skills in forensic investigations are encouraged to take part in this competition, which offers opportunities for innovative investigative approaches in network, RAM, and embedded systems.
Scenario: The Troubled Elevator
Kristi Wayne from Wayne Enterprise has recently bought a controversial bank in the city of Richmond.
On the afternoon of Friday, June 29, during her visit to the bank, she uses an executive-only elevator designed to provide a smooth and private commute for the high-ranking officials within the bank. Wayne enters the elevator and presses the button to get to another floor. However, the elevator suddenly starts malfunctioning, trapping Wayne inside. Wayne calls from the elevator for emergency assistance. After an extended episode of patience and misery, she is finally rescued. Due to this high-profile incident, your forensic team has been called in for an investigation. Fortunately, the elevator infrastructure is designed to log network traffic and device memory dumps for a certain time period. You acquire them along with CCTV footage of the elevator and the memory dump of Wayne’s new computer in her office at the bank.
Your job is to investigate the entire incident and provide a comprehensive report, including:
- Elevator behaviors during malfunctioning,
- Timeline of elevator malfunctioning,
- Specific cause of malfunctioning,
- Any evidence of an inside attacker,
- Any attack evidence on the network, computer, and PLC device.
The team that covers the incident most comprehensively will win the challenge.
- Memory dump of Kristi Wayne’s computer in the bank
- Network diagram
- Network traffic log of the elevator’s PLC
- PLC device memory dumps
- CCTV footage of the elevator
- Elevator manual
- PLC control logic
GitHub repo: https://github.com/dfrws/dfrws2023-challenge
Submission deadline: May 1, 2024
Submission Instructions: TBD
Security and Forensics Engineering (SAFE) Lab at Virginia Commonwealth University (VCU), http://people.vcu.edu/~iahmed3/
SAFE Lab Team:
Irfan Ahmed, DFRWS Challenge Chair and Associate Professor at Virginia Commonwealth University
Wooyeon Jo, Postdoctoral Research Fellow at Virginia Commonwealth University
Adeen Ayub, PhD Candidate at VCU
Dr. Muhammad Haris Rais, Former PhD Student and Alumnus of SAFE Lab; now Assistant Professor at Virginia State University, VA
Hala Ali, PhD Student at VCU
Nehal Ameen, PhD Student at VCU
Muhammad Ahsan, PhD Student at VCU
Syed Ali Qasim, Former PhD Student and Alumnus of SAFE Lab; now Assistant Professor at Grand Valley State University, MI