Traditionally, digital forensics has focused on low-level data such as file systems, network packets, and unidentified binary data. Since the advent of the Industrial Internet of Things (IIoT), the explosive growth of ecosystems has made it difficult to provide what digital forensics requires: a high degree of expertise, systematic engineering analysis, and the manual determination of various parameters. A smarter digital forensics is needed to embrace numerous heterogeneous ecosystems, and a solution has been sought through security technologies that have undergone similar upheavals. In the recent security era, deep learning has enabled modern industrial systems as a discriminant model.
In this thesis, we propose smart digital forensics by applying supervised learning to industrial networks and systems. We first apply every possible digital forensic technique to the IIoT as a case study. For systems forensics, everything from data access methods to artifact acquisition, analysis, and file system forensics is performed. For network forensics, we target various ecosystems, including the Internet of Things (IoT) network, the industrial network, and the In-Vehicle Network (IVN). Finally, as smart digital forensics, the application of supervised learning to the industrial network is proposed. The case study shows that forensically effective evidence was collected and cross-validated through various data acquisition schemes. It was possible to verify the limitations and complementarity of each of the digital forensics techniques regardless of scale. The smart digital forensics, an application of supervised learning, demonstrated its validity based on credible datasets with a number of related studies.