Microsoft ICSpector is an open-source forensics framework that enables the analysis of industrial PLC metadata and project files.
[Figure: ICSpector architecture]
The framework gives investigators a convenient way to scan for PLCs and identify suspicious artifacts within ICS environments. It can be used for manual checking, automated monitoring tasks, or incident response operations to detect compromised devices.
ICSpector allows investigators to review and customize the output to their requirements. It’s available on GitHub.