Cyber-physical infrastructures in industrial control systems, including critical infrastructure and manufacturing, heavily on cyber-physical infrastructures and embedded devices. As industrial control systems become more complex and network-centric, physical infrastructure becomes increasingly dispersed and vulnerable. In rapid growth within the competitive technology, we have seen an expressive increase in information security vulnerabilities against such systems, ranging from simple hacking tools to new generation intelligent attacks. With the growing reliance on industrial control networks and, of course, the growing number of attacks, the lack of cyber-security monitoring and forensic analysis of security incidents. Cyber-forensic analysis of ICS/SCADA systems is unlike standard forensic analysis of enterprise computer systems, the cyber-forensic specialist often has to be an expert in cyber-physical infrastructures systems, networks, and devices to determine where potential forensic evidence may be located. This paper discusses ICS/SCADA, typical attacks and vulnerabilities, problems with forensic analysis, and the development of forensic methodology/tools for such systems.