Procedure 3: Restore the System Disk for a Windows 8.1 Workstation
Use the same tool and tool research as performed for Procedure #5. If necessary, identify additional sources of information and instructions for using your selected tool(s) to perform the following tasks:
Verify the validity of the backup image or file (using the hash code).
Use the “known good” copy (system backup or system image) to rebuild a workstation hard drive so that it contains the Windows 8.1 operation system and installed applications.
Identify how the tool could be used during the containment, eradication & recovery phase of the incident response and recovery process. Typical uses include:
Restore workstation hard drives to a “known good” configuration.
Build a new system disk using a replacement or newly purchased hard drive.
Restore the system to full operating status after an attack or suspected attack.
Write a guidance document that identifies the tool, explains the capabilities it provides, and then lists and briefly describes the recommended uses identified under item #2. Add a list of resources that can be consulted for additional information. Next, summarize the procedures required to perform the tasks listed under item #1 (do not provide step-by-step instructions). Close your guidance document with a Notes / Warnings / Restrictions section that answers the question “Is there anything else the incident responder needs to be aware of when using this tool?”