This paper presents a case of alleged PLC (Programmable Logic controller) hacking aboard a commercial ship, and the forensic investigation of PLC components. It presents the lessons drawn from this case and the particular difficulty of investigating PLC and SCADA systems onboard. Whereas hacking is often seen as taking control of a ship, or part of a ship, it is also related to the alteration of the sensors, the PLCs, the data logger or the SCADA systems. This alteration can be done from a hacking group but in the investigated case, it is more likely an action triggered either by the ship owner, or the ship manufacturer himself. This paper also advocates for an addition of a section concerning cybersecurity in the SOLAS - Safety Of Life At Sea - convention or one of other IMO (International Maritime Organization) conventions.