ICS SCADA Forensics workshop/challenge

The ICS PCAP challenge is designed to exercise network forensics skills: participants analyse a baseline pcap and an attack pcap taken from an ICS network in order to identify why a PLC has ceased working. The timescale for analysis is limited, as we need to replace the PLC within an hour at most, and we have to be certain that the attack has been identified correctly in order to prevent similar attack methods in future. The analysis will take 1 hour, and a brief description of findings and conclusion is to be presented at the end. Participants will require network analysis tools such as Wireshark, tcpdump, TShark and grep; a copy of Kali will provide all of these tools.