// industry vertical
ICS / OT fieldbus protocol forensics
industrial protocol expansion beyond Modbus/DNP3/OPC-UA — IEC 61850 GOOSE + sampled values · HART · Foundation Fieldbus · Profibus DP · CC-Link IE · AS-Interface · MELSEC MC · Omron FINS · Schneider Modicon program changes.
start here · primary tools
ordered. work top-down. the first tool is the suggested entry point for this vertical.
- iec 61850 goose message forensic analyzer: drop goose pcap/text export · parse appid + stnum + sqnum + dataset changes · runs locally
- iec 61850 sampled values stream forensic analyzer: drop sv stream export · parse sampling rate + synch + quality flags · runs locally
- schneider modicon program change forensic analyzer: drop modicon plc program diff export · parse logic download + online edit events · runs locally
- profibus dp master log forensic analyzer: drop profibus dp scan export · parse slave diag + parameter writes · runs locally
- case report generator: fill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally
also useful · secondary tools
cross-cutting tools that surface depending on the specific investigation.
- hart protocol command log forensic analyzer: drop hart modem command log · parse universal/common cmd + device id · runs locally
- foundation fieldbus h1 traffic forensic analyzer: drop ff h1 segment log export · parse scheduled + acyclic transactions · runs locally
- cc link ie field network log forensic analyzer: drop cc-link ie frame export · parse cyclic + transient messaging · runs locally
- as interface i o cycle log forensic analyzer: drop as-i master cycle log · parse slave profile + fault flags · runs locally
- melsec mc protocol log forensic analyzer: drop mitsubishi mc protocol trace · parse read/write device blocks · runs locally
- omron fins protocol log forensic analyzer: drop omron fins udp/tcp log export · parse memory area read/write · runs locally
- evidence manifest generator: drop evidence files · compute md5, sha1, sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally
want deeper fieldbus coverage?
this vertical is intentionally sparse — deep-moat coverage grows over time. tracked in the forensics rollout.