PLC data acquisition for forensic purposes
During incident response, different data must be acquired from the affected computer systems for forensic
analysis purposes. In an industrial control system, however, incidents may affect embedded computing
devices, e.g., PLCs (Programmable Logic Controllers). Acquiring evidence data from PLCs is a non-trivial
task, because no forensic data acquisition tools are currently available for such devices. However, one can
use maintenance and diagnostic tools available from the PLC manufacturer to get some data out.
The task of the student is the development of a data acquisition tool for PLCs that uses available PLC
maintenance and diagnostic tools. The tool should be easy to configure, and it should also support the
visualization and interpretation of the acquired evidence data to aid forensic analysis. Evidence
data include lists of files, running tasks, open network connections, etc., as well as various log files
available on the target system.