**6. Conclusion**

*Multimedia Information Retrieval*

vulnerabilities.

**5. Penetration testing targeting**

Cost efficiency is a critical factor in any digital investigation. Many elements, such as complexity and data volumes, hinder the efficient completion of investigation in CI environments. Consequently, strategies have to be employed to speed the completion without compromising the integrity of an investigation. Penetration testing is one such strategy. It is usually controlled and handled by penetration testers or qualified auditors and security specialists who are contracted in to scope the system and to identify useful investigation targets before the formal investigation proceeds. A penetration test seeks out the vulnerabilities of the system that an attacker could exploit, and where the system weaknesses are located. Such tests are performed from inside and outside the CI network infrastructure in order to test the overall performance of the network. The tests also determine the security level by categorizing the potential risks from high to low on the different interfaces. CI systems are a combination of applications interconnected to the control plane by network, hosts or branch networks. Penetration testing is a simulation process where real world attacks are made on potential targets to simulate the scope of hackers, attackers and other intruders. Penetration testing is also a valuable step towards developing a secure system that has assessed and mitigated potential

A basic penetration test may involve scanning for hosts' IP addresses in the network in order to check whether they are offering services with known vulnerabilities or hidden vulnerabilities that may be used in exploitation processes. The process would then extend to scanning ports for each host in the network and identifying unwanted opened ports that could be used as a gateway to the system. After following the penetration test plan the findings are reviewed and documented

Important matters that come into consideration for planning CI penetration testing are aspects such as the scope, the intensity, the approach, the implementation techniques, and where to start. Each of these considerations will now be reviewed. The scope of the penetration test considers which systems and the degree to which each system will be tested. The cost may be reduced and complexity of the

• By performing Full penetration testing, the test will examine the overall

• By performing Limited penetration testing, the access will include specific parts of the systems such as systems that are suspected hosts instead of testing

to be sent to stakeholders and investigators for action. The objectives for penetration testing are [29, 30]:

• Identification of security risks;

• Preparing for the most effective starting test targets;

• Improving the performance of security systems;

• Prepare before an event occurs to prevent it; and,

solution by limiting the extent of the testing in three categories:

performance and system safety policies of the target system.

• Reduce critical situations and potential crisis.

**84**

the whole system.

Conducting forensic investigations in industrial control systems is a complex process, not only because of the diversity of data and media, but also the variety of physical and logical partitions that are interconnected to the network including name nodes, data nodes and checkpoints. The research has delivered a framework for systematizing the process steps of investigation, and assuring the key issues of volume, format diversity, and management of data, are addressed. The innovation of featuring penetration testing into the investigation processes provides cost efficiencies and targeting towards completeness in an investigation. It steps beyond dependence on tool extraction of evidences, and justifies following the trail of evidence from the point(s) of greatest weakness and to the evidential media within the scope of a case. Such innovation improves assurance of completeness in an investigation and rigor for the methodologies. Digital forensic investigators are challenged by multimedia retrieval and data diversity. The proposed framework of methods is flexible and adaptable to multimedia environments, and assures control over the discovery processes.

*Multimedia Information Retrieval*
