Cyber–Physical Systems (CPS) connect the physical world (systems, environments, and humans) with the cyber world (software, data, etc.) to intelligently enhance the operational environment they serve. CPS are distributed software and hardware components embedded in the physical world and possibly attached to humans. They offer smart features, such as enhancing and optimizing the reliability, quality, safety, health, security, efficiency, operational costs, sustainability, and maintainability of physical systems. CPS are also very vulnerable to security attacks and criminal activities. In addition, they are very complex and have a direct impact on their environment. Therefore, it is hard to detect and investigate security attacks, while such attacks may have a catastrophic impact on the physical world. As a result, CPS must incorporate security measures in addition to suitable and effective forensics capabilities. When the security measures fail and an attack occurs, it becomes imperative to perform thorough forensics analysis. Adding effective forensics tools and capabilities will support the investigations of incidents. This paper defines the field of CPS forensics and its dimensions: Technical, Organizational, and Legal. Then, it reviews examples of current research efforts in the field and the types of tools and methods they propose for CPS forensics. In addition, it discusses the issues and challenges in the field that need to be addressed by researchers and developers of CPS. The paper then uses the review outcomes to discuss future research directions to address challenges and create a more effective, efficient, and safe forensics tools and for CPS. This discussion aims to create a starting point for researchers where they can identify the gaps and challenges and create suitable solutions through their research in CPS forensics.
This is an open access article distributed under the Creative Commons Attribution License
which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited