Forensic Reconstruction of an Anonymized Energy-Grid Incident
Overview
What this challenge is about.
Triage the artifacts using a timeline-first methodology. Build a unified timeline across syslog, historian, firewall, and disk-image artifacts (Plaso super-timeline). Identify candidate attack vectors, then for each, find or rule out evidence in at least 2 independent artifact sources. Distinguish cyber-physical causation from hardware-fault causation with evidence. Deliver a 25-page regulator-grade forensic report, the super-timeline, IOCs (indicators of compromise) for sector sharing, and a 1-page CISO summary.
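The corroboration rule above, as an added example that is not part of the challenge materials: records from several sources are normalized into one UTC timeline, and a candidate cause counts as supported only when at least 2 independent origins carry evidence for it. The sample records, indicator keywords, and origin mapping are constructed assumptions; a real workflow would read Plaso output instead of the inline list.

```python
from datetime import datetime, timezone

# Constructed sample records (not from a real incident): (source, ISO-8601 time, text)
EVENTS = [
    ("firewall",   "2024-03-02T04:11:52+00:00", "ALLOW 10.0.5.20 -> 10.0.9.7:20000 dnp3"),
    ("siem_copy",  "2024-03-02T04:11:52+00:00", "ALLOW 10.0.5.20 -> 10.0.9.7:20000 dnp3"),
    ("rtu_syslog", "2024-03-02T05:12:03+01:00", "dnp3 operate cmd breaker=B7 from 10.0.5.20"),
    ("historian",  "2024-03-02T04:12:04+00:00", "tag=B7.STATUS value=OPEN"),
    ("historian",  "2024-03-02T04:12:01+00:00", "tag=T3.OIL_TEMP value=71.2"),
    ("disk_image", "2024-03-02T04:02:40+00:00", "prefetch: ENGTOOL.EXE run on HMI-02"),
]
# Assumed mapping: a forwarded copy shares its origin, so it is not independent.
ORIGIN = {"siem_copy": "firewall"}
# Hypothetical indicator keywords per candidate cause (lowercase).
HYPOTHESES = {
    "remote breaker command": ("dnp3",),
    "engineering tool misuse": ("engtool",),
    "transformer overtemperature": ("overtemp", "relay trip"),
}

def build_timeline(events):
    """Normalize every timestamp to UTC and sort into one timeline."""
    rows = [(datetime.fromisoformat(ts).astimezone(timezone.utc), src, msg)
            for src, ts, msg in events]
    return sorted(rows, key=lambda r: r[0])

def corroborate(timeline, hypotheses, min_origins=2):
    """Per hypothesis, list the independent origins that carry matching evidence."""
    result = {}
    for name, keywords in hypotheses.items():
        origins = {ORIGIN.get(src, src) for _, src, msg in timeline
                   if any(k in msg.lower() for k in keywords)}
        if len(origins) >= min_origins:
            status = "corroborated"
        elif origins:
            status = "single-source"
        else:
            status = "no evidence found"
        result[name] = (status, sorted(origins))
    return result

if __name__ == "__main__":
    tl = build_timeline(EVENTS)
    for when, src, msg in tl:
        print(when.isoformat(), f"{src:<10}", msg)
    for name, (status, origins) in corroborate(tl, HYPOTHESES).items():
        print(f"{name}: {status} {origins}")
```

The RTU record carries a +01:00 offset, so it sorts correctly only after UTC normalization, and the forwarded firewall copy adds no independent support.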
The Brief
What you'll do, and what you'll demonstrate.
Reconstruct a 19-minute partial blackout from multi-source artifacts and produce a regulator-grade report distinguishing cyber from hardware causation.
Earning criteria — what you'll demonstrate
- Reconstruct a multi-source incident timeline under regulatory pressure
- Differentiate cyber causation from hardware causation with falsifiable evidence
- Handle ICS forensic artifacts (historian, RTU syslog) with chain-of-custody discipline
- Produce reporting that satisfies a regulator without overclaiming
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.