Digital Forensics and Incident Response for PLCs

Instructor-led training course

Please contact us if you have any questions.

Course Description

Attacks against industrial control systems (ICS) are on the rise. To effectively respond to this emerging threat, organizations must be aware of the challenges that come along with performing digital forensics and incident response (DFIR) for ICS. This course is designed to give ICS security personnel the skills needed to identify and understand threats targeting ICS devices that use embedded operating systems such as VxWorks and Windows CE. This fast-paced technical course offers learners hands-on experience investigating targeted attacks and guides them through the steps required to analyze and triage compromised ICS.

Learning Objectives

After completing this course, learners should be able to:

  • Learn to investigate targeted attacks against ICS
  • Understand the steps required to triage compromised ICS

Who should attend

Incident response team members, threat hunters, information security professionals and industrial control system security professionals.


Background in ICS, PLCs and other embedded devices and operating systems. Background in forensic analysis, network traffic analysis, log analysis, security assessments and penetration testing, security architecture, and system administration.

Delivery method

In-classroom instructor-led training


  • 1 day

What to bring

Students are required to bring their own laptop that meets the following specs:

  • Windows 7+ or Windows 7 Virtual machine
  • VMware Player or Workstation
  • 20 GB of free HDD space
  • Wireless connectivity