CSIA310 Lab Activity #2: Investigate Incident Detection and Prevention Tools
Purpose: Assess and Document Incident Detection & Prevention Tools for Windows 10 Workstations.
1. Assess and document the uses of the Windows Defender Antivirus utility as part of the incident response process.
2. Assess and document the uses of the Windows Defender SmartScreen utility as part of the incident response process.
Overview:
There are many different types of tools which perform automated detection and prevention of known threats (Cichonski, Millar, Grance, & Scarfone, 2012). For this activity, we will focus upon assessing and documenting two such tools which can be used in the detection and analysis phase of the Incident Response Process (as defined in NIST SP 800-61r2).
First, we will examine the host-based anti-virus (malware detection) and host-based intrusion detection and prevention capabilities that are built into Windows 10 in the Windows Defender Antivirus (AV) utility (Microsoft, 2017a; Microso