{"id":"https://openalex.org/W3042229408","doi":"https://doi.org/10.1109/cybersecurity49315.2020.9138879","title":"Introducing a forensics data type taxonomy of acquirable artefacts from programmable logic controllers","display_name":"Introducing a forensics data type taxonomy of acquirable artefacts from programmable logic controllers","publication_year":2020,"publication_date":"2020-06-01","ids":{"openalex":"https://openalex.org/W3042229408","doi":"https://doi.org/10.1109/cybersecurity49315.2020.9138879","mag":"3042229408"},"language":"en","primary_location":{"id":"doi:10.1109/cybersecurity49315.2020.9138879","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cybersecurity49315.2020.9138879","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://eprints.gla.ac.uk/267345/","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5091479151","display_name":"Marco M. Cook","orcid":"https://orcid.org/0000-0002-5232-2381"},"institutions":[{"id":"https://openalex.org/I7882870","display_name":"University of Glasgow","ror":"https://ror.org/00vtgdb53","country_code":"GB","type":"education","lineage":["https://openalex.org/I7882870"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Marco Cook","raw_affiliation_strings":["School of Computng Science, University of Glasgow, Glasgow, Scotland"],"affiliations":[{"raw_affiliation_string":"School of Computng Science, University of Glasgow, Glasgow, Scotland","institution_ids":["https://openalex.org/I7882870"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015767564","display_name":"Ioannis J. Stavrou","orcid":"https://orcid.org/0000-0002-9780-4333"},"institutions":[{"id":"https://openalex.org/I7882870","display_name":"University of Glasgow","ror":"https://ror.org/00vtgdb53","country_code":"GB","type":"education","lineage":["https://openalex.org/I7882870"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Ioannis Stavrou","raw_affiliation_strings":["School of Computng Science, University of Glasgow, Glasgow, Scotland"],"affiliations":[{"raw_affiliation_string":"School of Computng Science, University of Glasgow, Glasgow, Scotland","institution_ids":["https://openalex.org/I7882870"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001090853","display_name":"Sarah Dimmock","orcid":null},"institutions":[{"id":"https://openalex.org/I7882870","display_name":"University of Glasgow","ror":"https://ror.org/00vtgdb53","country_code":"GB","type":"education","lineage":["https://openalex.org/I7882870"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Sarah Dimmock","raw_affiliation_strings":["School of Computng Science, University of Glasgow, Glasgow, Scotland"],"affiliations":[{"raw_affiliation_string":"School of Computng Science, University of Glasgow, Glasgow, Scotland","institution_ids":["https://openalex.org/I7882870"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054670253","display_name":"Chris Johnson","orcid":null},"institutions":[{"id":"https://openalex.org/I7882870","display_name":"University of Glasgow","ror":"https://ror.org/00vtgdb53","country_code":"GB","type":"education","lineage":["https://openalex.org/I7882870"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Chris Johnson","raw_affiliation_strings":["School of Computng Science, University of Glasgow, Glasgow, Scotland"],"affiliations":[{"raw_affiliation_string":"School of Computng Science, University of Glasgow, Glasgow, Scotland","institution_ids":["https://openalex.org/I7882870"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5091479151"],"corresponding_institution_ids":["https://openalex.org/I7882870"],"apc_list":null,"apc_paid":null,"fwci":1.6667,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.88229612,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6855297684669495},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.5449754595756531},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.5118734240531921},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4769641160964966},{"id":"https://openalex.org/keywords/digital-data","display_name":"Digital data","score":0.41280776262283325},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3975710868835449},{"id":"https://openalex.org/keywords/data-transmission","display_name":"Data transmission","score":0.1669693887233734},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.13780835270881653},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.10421416163444519}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6855297684669495},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.5449754595756531},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.5118734240531921},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4769641160964966},{"id":"https://openalex.org/C2778864079","wikidata":"https://www.wikidata.org/wiki/Q173285","display_name":"Digital data","level":3,"score":0.41280776262283325},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3975710868835449},{"id":"https://openalex.org/C557945733","wikidata":"https://www.wikidata.org/wiki/Q389772","display_name":"Data transmission","level":2,"score":0.1669693887233734},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.13780835270881653},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.10421416163444519}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/cybersecurity49315.2020.9138879","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cybersecurity49315.2020.9138879","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)","raw_type":"proceedings-article"},{"id":"pmh:oai:eprints.gla.ac.uk:267345","is_oa":true,"landing_page_url":"https://eprints.gla.ac.uk/267345/","pdf_url":null,"source":{"id":"https://openalex.org/S4210235606","display_name":"ENLIGHTEN (Jurnal Bimbingan dan Konseling Islam)","issn_l":"2622-8912","issn":["2622-8912","2622-8920"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"}],"best_oa_location":{"id":"pmh:oai:eprints.gla.ac.uk:267345","is_oa":true,"landing_page_url":"https://eprints.gla.ac.uk/267345/","pdf_url":null,"source":{"id":"https://openalex.org/S4210235606","display_name":"ENLIGHTEN (Jurnal Bimbingan dan Konseling Islam)","issn_l":"2622-8912","issn":["2622-8912","2622-8920"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W2009166708","https://openalex.org/W2016124028","https://openalex.org/W2041078517","https://openalex.org/W2077699686","https://openalex.org/W2163274247","https://openalex.org/W2184058014","https://openalex.org/W2293276716","https://openalex.org/W2561791320","https://openalex.org/W2742236820","https://openalex.org/W2744632709","https://openalex.org/W2768270002","https://openalex.org/W2781892241","https://openalex.org/W2889436848","https://openalex.org/W2945937333","https://openalex.org/W2946649106","https://openalex.org/W2952754944","https://openalex.org/W2970761526","https://openalex.org/W4254518183","https://openalex.org/W6683915950"],"related_works":["https://openalex.org/W2198066681","https://openalex.org/W2787993192","https://openalex.org/W2067681493","https://openalex.org/W4320801814","https://openalex.org/W2972427363","https://openalex.org/W2893204368","https://openalex.org/W2067157203","https://openalex.org/W2169249759","https://openalex.org/W3002998707","https://openalex.org/W3032662519"],"abstract_inverted_index":{"The":[0,60],"understanding":[1,15,64],"of":[2,16,63,84,110,117,137,188,190,216,230,234],"available":[3],"data":[4,18,57,86,91,111,146,183,223],"artefacts":[5,19],"is":[6,13,76],"fundamental":[7],"to":[8,87,97,181,212,225],"performing":[9],"digital":[10],"forensics.":[11],"There":[12],"good":[14],"what":[17,35,53],"are":[20],"acquirable":[21,161,218],"from":[22,196,207],"common":[23,90],"information":[24,54],"technology":[25],"(IT)":[26],"systems":[27,74],"such":[28,121],"as":[29,122],"a":[30,43,138,150,154],"Windows":[31],"operating":[32],"system":[33],"and":[34,89,106,124,152],"their":[36],"potential":[37,228],"forensic":[38,46,104,131,155],"value":[39],"could":[40],"be.":[41],"As":[42],"result,":[44],"IT":[45],"investigators":[47],"can":[48],"make":[49],"clear":[50],"predictions":[51],"about":[52],"the":[55,82,108,132,135,144,160,175,191,208,214,217,227],"acquired":[56],"would":[58],"yield.":[59],"same":[61],"level":[62],"for":[65,99,130],"programmable":[66],"logic":[67],"controllers":[68],"(PLCs)":[69],"found":[70],"within":[71,185],"industrial":[72,178],"control":[73],"(ICS)":[75],"limited.":[77],"Previous":[78],"research":[79],"has":[80],"restricted":[81],"discussion":[83],"PLC":[85,151,203],"generic":[88],"formats.":[92],"This":[93,141],"makes":[94],"it":[95],"challenging":[96],"prepare":[98],"incidents":[100,120],"proactively,":[101],"develop":[102],"new":[103],"capabilities":[105],"prioritise":[107],"collection":[109],"should":[112],"an":[113],"incident":[114],"occur.":[115],"Examples":[116],"previous":[118],"cyber":[119],"Stuxnet":[123],"Triton":[125],"have":[126],"employed":[127],"ad-hoc":[128],"methods":[129],"investigation,":[133],"highlighting":[134],"lack":[136],"systematic":[139],"approach.":[140],"paper":[142],"examines":[143],"specific":[145],"types":[147],"stored":[148,184],"on":[149,159],"describes":[153],"artefact":[156],"taxonomy":[157],"based":[158],"data.":[162,235],"Data":[163],"acquisition":[164],"tests":[165],"were":[166,200,210],"performed":[167],"primarily":[168],"using":[169],"third-party":[170],"communication":[171],"libraries":[172],"that":[173],"utilise":[174],"PLC's":[176],"proprietary":[177],"communications":[179],"protocol":[180],"leverage":[182],"memory":[186],"structures":[187],"each":[189,232],"tested":[192],"PLCs.":[193],"Three":[194],"PLCs,":[195],"two":[197],"different":[198],"manufacturers":[199],"examined.":[201],"Potential":[202],"attack":[204],"scenarios,":[205],"identified":[206],"literature,":[209],"used":[211],"guide":[213],"evaluation":[215],"data,":[219],"categorised":[220],"into":[221],"high-level":[222],"types,":[224],"highlight":[226],"benefits":[229],"acquiring":[231],"form":[233]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":3}],"updated_date":"2026-03-17T09:09:15.849793","created_date":"2025-10-10T00:00:00"}