Investigating an engineering workstation – Part 4

This entry is part 4 of 4 in the series Investigating an engineering workstation

Finally, as the last part of the blog series we will have a look at the network traffic observed. We will do this in two sections, the first one will cover a few things useful to know if we are in the situation that Wireshark can dissect the traffic for us. The second section will … Continue reading Investigating an engineering workstation – Part 4

Investigating an engineering workstation – Part 3

This entry is part 3 of 4 in the series Investigating an engineering workstation

In our third blog post (part one and two are referenced above) we will focus on information we can get from the projects itself. You may remember from Part 1 that a project created with the TIA Portal is not a single file. So far we talked about files with the “.apXX” extension, like “.ap15_1” … Continue reading Investigating an engineering workstation – Part 3

Investigating an engineering workstation – Part 2

This entry is part 2 of 4 in the series Investigating an engineering workstation

In this second post we will focus on specific evidence written by the TIA Portal. As you might remember, in the first part we covered standard Windows-based artefacts regarding execution of the TIA Portal and usage of projects. The TIA Portal maintains a file called “Settings.xml” under the following path: C:\Users\$USERNAME\AppData\Roaming\Siemens\Portal V15_1\Settings\. Please remember we … Continue reading Investigating an engineering workstation – Part 2

Investigating an engineering workstation – Part 1

This entry is part 1 of 4 in the series Investigating an engineering workstation

In this series of blog posts we will deal with the investigation of an engineering workstation running Windows 10 with the Siemens TIA Portal Version 15.1 installed. In this first part we will cover some selected classic Windows-based evidence sources, and how they behave with regards to the execution of the TIA Portal and interaction … Continue reading Investigating an engineering workstation – Part 1