In this assignment, you will assess and document tools to be used by the Sifers-Grayson Incident Response Team during the preparation, detection, containment, eradication, and recovery phases of the Incident Response Process (as defined in NIST SP 800-61r2). The deliverable for this assignment is a set of three customized procedures suitable for inclusion in the Sifers-Grayson Incident Response Procedures Manual. Each procedure must be written so that it can be added / updated / removed without impacting other procedures in the manual. In other words, the procedures must be self-contained and stand on their own.
Your deliverable must use the provided MS Word template file (contact your instructor for formatting guidance if you cannot use this file). The required procedures are described below.
Procedure 1: Using System Restore Points under Windows 10
Identify appropriate sources of information and instructions for using the Windows 10 Control Panel and System Restore tool. Using those sources, research the procedures required to perform the following tasks:
Create a system restore point for a Windows 10 system
Use a specific system restore point to roll-back changes made to a Windows 10 system
Delete system restore points from a Windows 10 system
Identify how the System Restore tool could be used during the incident response and recovery process (it may be useful in more than one phase). Typical uses include:
Prepare a known-good backup for operating system files and data structures (e.g. the system registry and the information stored within it)
Remove unauthorized configuration changes
Restore the system to full operating status after an attack or suspected attack
Remove failed software installations and/or unwanted changes to the operating system, applications software, and/or files.
Write a guidance document that identifies the tool, explains the capabilities it provides, and then lists and briefly describes the recommended uses identified under item #2. Add a list of resources that can be consulted for additional information. Next, summarize the procedures required to perform the tasks listed under item #1 (do not provide step-by-step instructions). Close your guidance document with a Notes / Warnings / Restrictions section that answers the question “Is there anything else the incident responder needs to be aware of when using this tool?”