Date of Graduation
12-2025
Document Type
Thesis
Degree Name
Master of Science in Computer Science (MS)
Degree Level
Graduate
Department
Computer Science & Computer Engineering
Advisor/Mentor
Farnell, Chris
Committee Member
Panda, Brajendra
Second Committee Member
Jin, Kevin
Keywords
Cybersecurity
Abstract
Industrial Control Systems (ICS) and Operational Technology (OT) maintain the grid, ensure water safety, and keep transportation running. Because they influence nearly every aspect of daily life, these systems have become prime targets for cyberattacks. The need for this research arises from the fact that when ICS and OT systems are compromised, the consequences go beyond data loss: they can directly disrupt communities and endanger public safety. This thesis introduces digital forensics fundamentals and explains how investigations in ICS environments differ from those in traditional IT environments. This work then examines major attacks, including Stuxnet, the Ukrainian Grid Attacks (BlackEnergy and Industroyer), Triton, Havex, and Volt Typhoon. It then uses the ICS MITRE ATT&CK framework to highlight the tactics, techniques, and procedures for each attack. By analyzing these real-world incidents, the thesis assesses forensic methods and explores their strengths and weaknesses. The thesis also compares different proposed frameworks; unlike standard IT approaches, these frameworks take into account the operational and safety constraints that make ICS investigations unique. The goal of this work is to highlight how ICS forensics differs from traditional practices and to provide insights that can help improve preparedness, mitigation, and response in critical infrastructure.
Citation
Kettler, K. (2025). When the Grid Goes Dark: A Digital Forensics Study of Industrial Control System Cyberattacks. Graduate Theses and Dissertations. Retrieved from https://scholarworks.uark.edu/etd/6081