**5. Penetration testing targeting**

Cost efficiency is a critical factor in any digital investigation. Factors such as system complexity and data volume hinder the efficient completion of an investigation in CI environments, so strategies are needed that speed completion without compromising the integrity of the investigation. Penetration testing is one such strategy. It is usually carried out by penetration testers, or by qualified auditors and security specialists, who are contracted to scope the system and to identify useful investigation targets before the formal investigation proceeds. A penetration test seeks out the vulnerabilities an attacker could exploit and locates the weak points of the system. Tests are performed from both inside and outside the CI network infrastructure in order to assess the network as a whole, and they establish the security level by rating the potential risks on each interface from high to low. CI systems are a combination of applications interconnected with the control plane through networks, hosts or branch networks. Penetration testing simulates real-world attacks against potential targets in order to reproduce what hackers, attackers and other intruders could reach. It is also a valuable step towards building a secure system in which potential vulnerabilities have been assessed and mitigated.

A basic penetration test begins by scanning the network for live host IP addresses and checking whether those hosts offer services with known, or not yet publicly disclosed, vulnerabilities that could be used in exploitation. The process then extends to scanning the ports of each host and identifying unwanted open ports that could serve as a gateway into the system. Once the penetration test plan has been followed, the findings are reviewed and documented for delivery to stakeholders and investigators for action.
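The host sweep, port scan and high-to-low rating described above, as an added Python example that is not code from the chapter: it enumerates candidate hosts from a CIDR block, TCP-connects to each port, grabs a banner, rates every open port against a per-engagement table of unwanted services, and renders a findings table for the report. The unwanted-service table and its severities, the local banner-serving listener used as a stand-in target, and all function names are assumptions constructed for this example.

```python
"""Added example: minimal host/port sweep with banner grab and a high-to-low
findings report. The unwanted-service table, the fake local target and every
function name are assumptions made for this example, not from the chapter."""
import ipaddress
import socket
import socketserver
import threading
import time

# Services a CI network boundary normally should not expose. Port numbers are
# the usual IANA assignments; the severity labels are an assumption for this
# example and would be agreed per engagement.
UNWANTED_SERVICES = {
    21: ("ftp", "high"),
    23: ("telnet", "high"),
    502: ("modbus", "high"),
    20000: ("dnp3", "high"),
    44818: ("ethernet/ip", "high"),
    3389: ("rdp", "medium"),
    5900: ("vnc", "medium"),
}
RISK_ORDER = {"high": 0, "medium": 1, "low": 2}


def expand_targets(cidr):
    """Stage 1 (host discovery): candidate host addresses in a CIDR block."""
    return [str(ip) for ip in ipaddress.ip_network(cidr, strict=False).hosts()]


def probe_port(host, port, timeout=0.5, grab_banner=True):
    """Stage 2 (port scan): full TCP connect to one port.
    Returns (is_open, banner); banner is '' when nothing is read."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            banner = ""
            if grab_banner:
                sock.settimeout(timeout)
                try:
                    banner = sock.recv(256).decode("ascii", "replace").strip()
                except (socket.timeout, OSError):
                    pass
            return True, banner
    except (socket.timeout, OSError):
        return False, ""


def scan_host(host, ports, timeout=0.5, delay=0.0, grab_banner=True):
    """Return {port: banner} for the open ports. 'delay' (seconds between
    probes) and 'grab_banner' are the knobs turned down for a cautious run."""
    open_ports = {}
    for port in ports:
        is_open, banner = probe_port(host, port, timeout, grab_banner)
        if is_open:
            open_ports[port] = banner
        if delay:
            time.sleep(delay)
    return open_ports


def assess(host, open_ports, unwanted=UNWANTED_SERVICES, expected=()):
    """Stage 3 (rating): each open port becomes a finding rated high..low,
    except ports on the engagement's expected list."""
    findings = []
    for port, banner in sorted(open_ports.items()):
        if port in expected:
            continue
        service, risk = unwanted.get(port, ("unknown", "low"))
        findings.append({"host": host, "port": port, "service": service,
                         "risk": risk, "banner": banner})
    return findings


def report(findings):
    """Stage 4 (documentation): tab-separated table ordered high -> low."""
    rows = ["host\tport\tservice\trisk\tbanner"]
    for f in sorted(findings, key=lambda x: (RISK_ORDER[x["risk"]], x["port"])):
        rows.append(f"{f['host']}\t{f['port']}\t{f['service']}\t{f['risk']}\t{f['banner']}")
    return "\n".join(rows)


class _BannerHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.sendall(self.server.banner)


def start_fake_service(banner):
    """Constructed stand-in target: a local listener on an ephemeral port that
    sends 'banner' and hangs up, so the scan runs offline. Returns (server, port)."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _BannerHandler)
    server.daemon_threads = True
    server.banner = banner.encode()
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def find_closed_port():
    """Bind and release an ephemeral port so it is (almost certainly) closed."""
    with socket.socket() as sock:
        sock.bind(("127.0.0.1", 0))
        return sock.getsockname()[1]


if __name__ == "__main__":
    server, ftp_port = start_fake_service("220 plc-gateway FTP server ready\r\n")
    found = scan_host("127.0.0.1", [ftp_port, find_closed_port()])
    # The stand-in listens on an ephemeral port, so map it to a service for this
    # run; a real engagement relies on the well-known numbers in UNWANTED_SERVICES.
    print(report(assess("127.0.0.1", found, unwanted={ftp_port: ("ftp", "high")})))
    server.shutdown()
    server.server_close()
```

A full TCP connect per port is deliberately chosen over SYN or UDP probing: it needs no raw sockets, and it is the least surprising probe to send at control-system hosts, where an unexpected packet can still upset a fragile device. The `delay` and `grab_banner` parameters are where an engagement's agreed intensity is applied.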

The objectives for penetration testing are [29, 30]:


The important considerations when planning a CI penetration test are its scope, its intensity, the approach, the implementation techniques, and where to start. Each is reviewed in turn. The scope of the penetration test defines which systems are tested and how thoroughly each of them is tested. Cost and complexity can be reduced by limiting the extent of the testing, which falls into three categories:


• By performing Focused testing, where either one part of the system or one service of the system is tested. This approach provides information only about the tested part, not about the overall security status of the system.

The intensity of the penetration test is determined by the urgency of the situation. Urgency is measured by risk and is categorized into four levels:

• Aggressive, the highest level of penetration testing, generates a vast amount of network traffic against the infrastructure. The penetration tester tries to exploit every possible vulnerability in the system to establish whether it has been compromised or is secure. Examples of aggressive techniques that may be used in a penetration test are denial-of-service attacks and buffer overflows.

Calculated, cautious and passive techniques are the other three levels and are employed where they give the best results. Covert and overt approaches are also used to sequence information gathering and to achieve a comprehensive overview of the system. Different implementation techniques are applied that differentiate the characteristics of penetration tests and customize them for the CI environment. Choosing the best approach, the motivation, and the important considerations when developing the optimal methodology and plan requires sensitivity to the CI challenges. The implementation of an effective penetration testing plan can make an investigation cost efficient and deliver the best results earlier.

**6. Conclusion**

Conducting forensic investigations in industrial control systems is a complex process, not only because of the diversity of data and media, but also because of the variety of physical and logical partitions interconnected to the network, including name nodes, data nodes and checkpoints. This research has delivered a framework for systematizing the steps of an investigation and for ensuring that the key issues of volume, format diversity and data management are addressed. The innovation of building penetration testing into the investigation process provides cost efficiencies and directs the investigation towards completeness. It steps beyond dependence on tool-based extraction of evidence and justifies following the trail of evidence from the point(s) of greatest weakness to the evidential media within the scope of a case. Such innovation improves assurance of completeness in an investigation and the rigor of its methodology. Digital forensic investigators are challenged by multimedia retrieval and data diversity; the proposed framework of methods is flexible and adaptable to multimedia environments, and assures control over the discovery processes.

*The Role of Penetration Testing in Forensic Multimedia Retrieval Process DOI: http://dx.doi.org/10.5772/intechopen.94934*