What should you expect when you are suddenly called in to investigate a suspected cyber attack against a power plant or an oil refinery? What does such a system even look like from a DFIR perspective, and how would an adversary approach attacking it?
In this talk, I will teach you some basics of Industrial Control Systems (ICS), explain what a successful cyber attack against an ICS often looks like, and finally present my personal opinion on how investigating an ICS incident differs from investigating a compromised IT system. If you've never heard about the ICS Cyber Kill Chain or don't know what a PLC or an RTU is, then this talk is for you!