diff --git a/files/find_change.xml b/files/find_change.xml index 5754b92..ce8ed30 100644 Binary files a/files/find_change.xml and b/files/find_change.xml differ diff --git a/labs/lab_01/README.md b/labs/lab_01/README.md index 2fb7ea5..ac081b0 100644 --- a/labs/lab_01/README.md +++ b/labs/lab_01/README.md 
@@ -28,15 +28,15 @@ Download the PDF file from [here](/files/lab01.pdf). ### Definition of Integrity -> *Data integrity is what the "I" in CIA Triad stands for. This is an essential component of the CIA Triad and designed to protect data from deletion or modification from any unauthorized party, and it ensures that when an authorized person makes a change that should not have been made the damage can be reversed.* [^1] +> *Data integrity is what the "I" in CIA Triad stands for. This is an essential component of the CIA Triad and designed to protect data from deletion or modification from any unauthorized party, and it ensures that when an authorized person makes a change that should not have been made the damage can be reversed.* -> *In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire lifecycle. This means that data cannot be modified in an unauthorized or undetected manner. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of consistency as understood in the classic ACID model of transaction processing. Information security systems typically provide message integrity alongside confidentiality.* [^2] +> *In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire lifecycle. This means that data cannot be modified in an unauthorized or undetected manner. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of consistency as understood in the classic ACID model of transaction processing. Information security systems typically provide message integrity alongside confidentiality.* ### What is Power Shell > *PowerShell is a task-based command-line shell and scripting language built on .NET. 
PowerShell helps system administrators and power-users rapidly automate tasks that manage operating systems (Linux, macOS, and Windows) and processes.* > -> *PowerShell commands let you manage computers from the command line. PowerShell providers let you access data stores, such as the registry and certificate store, as easily as you access the file system. PowerShell includes a rich expression parser and a fully developed scripting language.* [^3] +> *PowerShell commands let you manage computers from the command line. PowerShell providers let you access data stores, such as the registry and certificate store, as easily as you access the file system. PowerShell includes a rich expression parser and a fully developed scripting language.* ## Preparation @@ -64,14 +64,14 @@ Both **www_release** and **wwwroot** should contain: | |__ index.html | |__ wwwroot/ # Production Image -| | -| |__ css/ -| | |__ style.css -| | -| |__ js/ -| | |__ script.js -| | -| |__ index.html + | + |__ css/ + | |__ style.css + | + |__ js/ + | |__ script.js + | + |__ index.html ``` ## Activity 1: Listing items in a directory @@ -282,6 +282,8 @@ Write-Host "Any file listed below is a new or changed file.`n" (Compare-Object $good $prod -Property hash -PassThru | Where-Object{$_.SideIndicator -eq '=>'}).Path Write-Host "`nFile analysis completed." + +timeout /t -1 ``` ## Activity 6: Identify possible malicious changes in a target directory diff --git a/labs/lab_02/README.md b/labs/lab_02/README.md index 61b2077..669b85e 100644 --- a/labs/lab_02/README.md +++ b/labs/lab_02/README.md 
@@ -21,22 +21,125 @@ Download the PDF file from [here](/files/lab02.pdf). ### Definition of Integrity -> *Data integrity is what the "I" in CIA Triad stands for. This is an essential component of the CIA Triad and designed to protect data from deletion or modification from any unauthorized party, and it ensures that when an authorized person makes a change that should not have been made the damage can be reversed.* [^1] +> *Data integrity is what the "I" in CIA Triad stands for. This is an essential component of the CIA Triad and designed to protect data from deletion or modification from any unauthorized party, and it ensures that when an authorized person makes a change that should not have been made the damage can be reversed.* -> *In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire lifecycle. This means that data cannot be modified in an unauthorized or undetected manner. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of consistency as understood in the classic ACID model of transaction processing. Information security systems typically provide message integrity alongside confidentiality.* [^2] +> *In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire lifecycle. This means that data cannot be modified in an unauthorized or undetected manner. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of consistency as understood in the classic ACID model of transaction processing. Information security systems typically provide message integrity alongside confidentiality.* -### What is Power Shell +### What is Windows' Task Scheduler? -> *PowerShell is a task-based command-line shell and scripting language built on .NET. 
PowerShell helps system administrators and power-users rapidly automate tasks that manage operating systems (Linux, macOS, and Windows) and processes.* +> *Task Scheduler is a component of Microsoft Windows that provides the ability to schedule the launch of programs or scripts at pre-defined times or after specified time intervals: job scheduling (task scheduling).* > -> *PowerShell commands let you manage computers from the command line. PowerShell providers let you access data stores, such as the registry and certificate store, as easily as you access the file system. PowerShell includes a rich expression parser and a fully developed scripting language.* [^3] +> *It was first introduced in the Microsoft Plus! for Windows 95 as System Agent[1] but was renamed to Task Scheduler in Internet Explorer 4.0 and Windows 98. The Windows Event Log service must be running before the Task Scheduler starts up.* -## Solutions +## Preparation -Download the Solutions from [here](/files/lab02_solution.pdf). +By now you should have completed lab_01 and found the file(s) different than the golden image. In this new lab we will create a Task using the Windows Task Scheduler to demo finding changes automatically. + +## Activity 1: Open the Task Scheduler + +You can click ther Start icon and type "scheduler" or "Task Scheduler" and should get: + +![TaskScheduler](/labs/lab_02/os_windows/images/01_TaskSchedulerApp.png) + +![TaskSchedulerHome](/labs/lab_02/os_windows/images/01A_TaskSchedulerHome.png) + +## Activity 2: Create Task + +Click "Create Task..." and the following screen should pop up. + +![CreateTask](/labs/lab_02/os_windows/images/02_CreateTask.png) + +Name your task however you see fit. E.g. "find_changes", "task_findChanges". Also at the bottom "Configure for:" choose **Windows 10** if you are on a Windows 10 computer. 
+ +![CreateTaskGeneral](/labs/lab_02/os_windows/images/02A_CreateTaskGeneral.png) + +## Activity 3: Design your task's trigger + +Go into the "Triggers" tab and the following screen should pop up. + +![Trigger](/labs/lab_02/os_windows/images/03_Trigger.png) + +There are different settings for your trigger. In a real scenario you could probably choose Weekly or if it is a really important application you could choose Daily, however, for this demo you can use the **One Time** option just mind the hour and minutes you set and give yourself some 5 to 10 minutes from this moment. + +![NewTrigger](/labs/lab_02/os_windows/images/03A_NewTrigger.png) + +This is how it should look afterwards. + +![Triggers](/labs/lab_02/os_windows/images/03B_Triggers.png) + +## Activity 4: Design your task's action + +Go into the "Actions" tab and the following screen should pop up. + +![Action](/labs/lab_02/os_windows/images/04_Action.png) + +In this case we are going to call powershell and run our dirChecker.ps1 script. + +Please copy and paste the following into the "Program/script:" field. +NOTE: Change the {user}. + +```cmd +powershell -ExecutionPolicy Bypass -File "C:\Users\user\Documents\dirChecker.ps1" -knownGood "C:\Users\user\Documents\integrity_lab\www_release" -productionImage "C:\Users\user\Documents\integrity_lab\wwwroot" +``` + +![NewAction](/labs/lab_02/os_windows/images/04A_CreateAction.png) + +You should get a confirmation pop up like this one: + +![NewActionConfirm](/labs/lab_02/os_windows/images/04B_CreateActionArgs.png) + +This is how it should look afterwards. + +![Actions](/labs/lab_02/os_windows/images/04C_ActionCreated.png) + +## Activity 5: Design your task's conditions + +Go into the "Conditions" tab and the following screen should pop up. + +For this demo I didn't really change anything here. 
+ +![Conditions](/labs/lab_02/os_windows/images/05_Conditions.png) + +## Activity 6: Design your task's settings + +Go into the "Conditions" tab and the following screen should pop up. + +For this demo I didn't really change anything here. + +![Settings](/labs/lab_02/os_windows/images/06_Settings.png) + +## Activity 7: Reload Task Scheduler + +After clicking save, the new task will be created. + +Please close the scheduler and open it back again. You should now see your task indexed. + +![Settings](/labs/lab_02/os_windows/images/07_ReloadTaskScheduler.png) + +## Activity 8: Getting results + +Depending on the kind of trigger you chose, you should get the powershell screen and see the same changes identified in lab_01. + +If you are not really sure which trigger you chose and want to test your task, select your task from the list and on the right side of the screen click on "Run" to test it. + +NOTE: If you directly downloaded the code from the NSA's repo the screen will open and close automatically. If you use the script from the lab_01 you should see at the end of the dirCkecker.ps1 the following: +```cmd +timeout /t -1 +``` +Please add it if it is not there. + +Now the code will execute, show you the findings, and wait for you to press a key yo continue and close the script. The changes shown here are not neccesarily the ones you should get. You should get the ones from lab_01. + +![Findings](/labs/lab_02/os_windows/images/08_Findings.png) + +## Activity 9: Cleaning + +If you were able to find the changes great. Now, either disable the task or delete it all together. + +You should see both options on the same right sidebar were you clicked "Run" previously. 
### Footnotes -- [^1]: [What is the CIA Triad?](https://www.forcepoint.com/cyber-edu/cia-triad) -- [^2]: [Information Security](https://en.wikipedia.org/wiki/Information_security#Integrity) -- [^3]: [What is PowerShell?](https://docs.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7) \ No newline at end of file +- [What is the CIA Triad?](https://www.forcepoint.com/cyber-edu/cia-triad) +- [Information Security](https://en.wikipedia.org/wiki/Information_security#Integrity) +- [What is Windows' Task Scheduler?](https://en.wikipedia.org/wiki/Windows_Task_Scheduler) diff --git a/labs/lab_02/os_windows/act.PNG b/labs/lab_02/os_windows/act.PNG deleted file mode 100644 index a175fe0..0000000 Binary files a/labs/lab_02/os_windows/act.PNG and /dev/null differ diff --git a/labs/lab_02/os_windows/action.PNG b/labs/lab_02/os_windows/action.PNG deleted file mode 100644 index f798779..0000000 Binary files a/labs/lab_02/os_windows/action.PNG and /dev/null differ diff --git a/labs/lab_02/os_windows/action2.PNG b/labs/lab_02/os_windows/action2.PNG deleted file mode 100644 index 8a42796..0000000 Binary files a/labs/lab_02/os_windows/action2.PNG and /dev/null differ diff --git a/labs/lab_02/os_windows/createTask.PNG b/labs/lab_02/os_windows/createTask.PNG deleted file mode 100644 index 4fb9d9d..0000000 Binary files a/labs/lab_02/os_windows/createTask.PNG and /dev/null differ diff --git a/labs/lab_02/os_windows/images/01A_TaskSchedulerHome.png b/labs/lab_02/os_windows/images/01A_TaskSchedulerHome.png new file mode 100644 index 0000000..22ab56f Binary files /dev/null and b/labs/lab_02/os_windows/images/01A_TaskSchedulerHome.png differ diff --git a/labs/lab_02/os_windows/images/01_TaskScheduler.PNG b/labs/lab_02/os_windows/images/01_TaskScheduler.PNG deleted file mode 100644 index fd422bb..0000000 Binary files a/labs/lab_02/os_windows/images/01_TaskScheduler.PNG and /dev/null differ 
diff --git a/labs/lab_02/os_windows/images/01_TaskSchedulerApp.png b/labs/lab_02/os_windows/images/01_TaskSchedulerApp.png new file mode 100644 index 0000000..81d81c7 Binary files /dev/null and b/labs/lab_02/os_windows/images/01_TaskSchedulerApp.png differ diff --git a/labs/lab_02/os_windows/images/02A_CreateBasicTask.PNG b/labs/lab_02/os_windows/images/02A_CreateBasicTask.PNG deleted file mode 100644 index d106625..0000000 Binary files a/labs/lab_02/os_windows/images/02A_CreateBasicTask.PNG and /dev/null differ diff --git a/labs/lab_02/os_windows/images/02A_CreateTaskGeneral.png b/labs/lab_02/os_windows/images/02A_CreateTaskGeneral.png new file mode 100644 index 0000000..4d5e96e Binary files /dev/null and b/labs/lab_02/os_windows/images/02A_CreateTaskGeneral.png differ diff --git a/labs/lab_02/os_windows/images/02_CreateBasicTask.PNG b/labs/lab_02/os_windows/images/02_CreateBasicTask.PNG deleted file mode 100644 index d823b2a..0000000 Binary files a/labs/lab_02/os_windows/images/02_CreateBasicTask.PNG and /dev/null differ diff --git a/labs/lab_02/os_windows/images/02_CreateTask.png b/labs/lab_02/os_windows/images/02_CreateTask.png new file mode 100644 index 0000000..69cefe5 Binary files /dev/null and b/labs/lab_02/os_windows/images/02_CreateTask.png differ diff --git a/labs/lab_02/os_windows/images/03A_NewTrigger.png b/labs/lab_02/os_windows/images/03A_NewTrigger.png new file mode 100644 index 0000000..929c3d4 Binary files /dev/null and b/labs/lab_02/os_windows/images/03A_NewTrigger.png differ diff --git a/labs/lab_02/os_windows/images/03A_TaskTriggerDaily.PNG b/labs/lab_02/os_windows/images/03A_TaskTriggerDaily.PNG deleted file mode 100644 index 96f01cc..0000000 Binary files a/labs/lab_02/os_windows/images/03A_TaskTriggerDaily.PNG and /dev/null differ 
diff --git a/labs/lab_02/os_windows/images/03B_Triggers.png b/labs/lab_02/os_windows/images/03B_Triggers.png new file mode 100644 index 0000000..43eaab3 Binary files /dev/null and b/labs/lab_02/os_windows/images/03B_Triggers.png differ diff --git a/labs/lab_02/os_windows/images/03_TaskTrigger.PNG b/labs/lab_02/os_windows/images/03_TaskTrigger.PNG deleted file mode 100644 index 75dd6c6..0000000 Binary files a/labs/lab_02/os_windows/images/03_TaskTrigger.PNG and /dev/null differ diff --git a/labs/lab_02/os_windows/images/03_Trigger.png b/labs/lab_02/os_windows/images/03_Trigger.png new file mode 100644 index 0000000..d88f623 Binary files /dev/null and b/labs/lab_02/os_windows/images/03_Trigger.png differ diff --git a/labs/lab_02/os_windows/images/04A_CreateAction.png b/labs/lab_02/os_windows/images/04A_CreateAction.png new file mode 100644 index 0000000..29a1929 Binary files /dev/null and b/labs/lab_02/os_windows/images/04A_CreateAction.png differ diff --git a/labs/lab_02/os_windows/images/04B_CreateActionArgs.png b/labs/lab_02/os_windows/images/04B_CreateActionArgs.png new file mode 100644 index 0000000..1fa73c7 Binary files /dev/null and b/labs/lab_02/os_windows/images/04B_CreateActionArgs.png differ diff --git a/labs/lab_02/os_windows/images/04C_ActionCreated.png b/labs/lab_02/os_windows/images/04C_ActionCreated.png new file mode 100644 index 0000000..6a94097 Binary files /dev/null and b/labs/lab_02/os_windows/images/04C_ActionCreated.png differ diff --git a/labs/lab_02/os_windows/images/04_Action.PNG b/labs/lab_02/os_windows/images/04_Action.PNG index 5b5f03a..6d39238 100644 Binary files a/labs/lab_02/os_windows/images/04_Action.PNG and b/labs/lab_02/os_windows/images/04_Action.PNG differ diff --git a/labs/lab_02/os_windows/images/05_Conditions.png b/labs/lab_02/os_windows/images/05_Conditions.png new file mode 100644 index 0000000..25aae52 Binary files /dev/null and b/labs/lab_02/os_windows/images/05_Conditions.png differ 
diff --git a/labs/lab_02/os_windows/images/06_Finish.PNG b/labs/lab_02/os_windows/images/06_Finish.PNG deleted file mode 100644 index 2f28187..0000000 Binary files a/labs/lab_02/os_windows/images/06_Finish.PNG and /dev/null differ diff --git a/labs/lab_02/os_windows/images/06_Settings.png b/labs/lab_02/os_windows/images/06_Settings.png new file mode 100644 index 0000000..08d7e9f Binary files /dev/null and b/labs/lab_02/os_windows/images/06_Settings.png differ diff --git a/labs/lab_02/os_windows/images/07_ReloadTaskScheduler.png b/labs/lab_02/os_windows/images/07_ReloadTaskScheduler.png new file mode 100644 index 0000000..e58aef5 Binary files /dev/null and b/labs/lab_02/os_windows/images/07_ReloadTaskScheduler.png differ diff --git a/labs/lab_02/os_windows/images/08_Findings.png b/labs/lab_02/os_windows/images/08_Findings.png new file mode 100644 index 0000000..2af109e Binary files /dev/null and b/labs/lab_02/os_windows/images/08_Findings.png differ diff --git a/labs/lab_02/os_windows/images/Capture.PNG b/labs/lab_02/os_windows/images/Capture.PNG deleted file mode 100644 index 9b7c31b..0000000 Binary files a/labs/lab_02/os_windows/images/Capture.PNG and /dev/null differ diff --git a/labs/lab_02/os_windows/settings.PNG b/labs/lab_02/os_windows/settings.PNG deleted file mode 100644 index 757159d..0000000 Binary files a/labs/lab_02/os_windows/settings.PNG and /dev/null differ diff --git a/labs/lab_02/os_windows/trigger.PNG b/labs/lab_02/os_windows/trigger.PNG deleted file mode 100644 index 7c29a39..0000000 Binary files a/labs/lab_02/os_windows/trigger.PNG and /dev/null differ
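Review bot: in labs/lab_01/README.md, hunk `@@ -28,15 +28,15 @@`, the `[^1]`, `[^2]` and `[^3]` markers are stripped from the three block quotes but nothing replaces the attribution, and the lab_01 Footnotes section that defines those markers is not touched anywhere in this diff. If that section still holds `[^1]:`-style definitions they are now orphaned; if it has already been turned into a plain list (as this same commit does for lab_02), the quotes are verbatim Forcepoint, Wikipedia and Microsoft wording with no visible source next to them. Either keep the markers, or convert lab_01's Footnotes the way lab_02's are converted here and put the source link directly after each quote, for example `> *... fully developed scripting language.* ([source](https://docs.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7))`.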
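Review bot: in labs/lab_01/README.md, hunk `@@ -282,6 +282,8 @@`, ending dirChecker.ps1 with `timeout /t -1` makes a PowerShell script depend on the cmd.exe utility timeout.exe, which with `-1` waits for a keypress indefinitely and refuses to run at all when its standard input is redirected (it prints "Input redirection is not supported" and exits), so the script will hang or fail as soon as it is run non-interactively, which is exactly how lab_02 runs it from Task Scheduler. If the goal is only to keep the console window open for the student, use the PowerShell-native `Read-Host 'Press Enter to close'` and guard it with a switch parameter so a scheduled run can skip it; better still, have the script write its findings to a log file with `Out-File` so a scheduled integrity check leaves a record whether or not anyone is watching a console. Also worth fixing while here: the `Where-Object{$_.SideIndicator -eq '=>'}` filter in the unchanged context line reports only files that are new or changed in the production image, so files present in the known-good image but deleted from production (`<=`) are silently ignored, even though the integrity definition at the top of this same file counts unauthorised deletion as an integrity violation. Dropping the filter and emitting `SideIndicator` alongside `Path` surfaces both cases.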
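Review bot: in labs/lab_02/README.md, hunk `@@ -21,22 +21,125 @@`, the Activity 4 action runs the checker with `-ExecutionPolicy Bypass` from `C:\Users\user\Documents\dirChecker.ps1`, and the known-good image `www_release` sits in the same user-writable folder as the production image `wwwroot`, so any principal able to tamper with the monitored directory can equally rewrite the monitor and its baseline, and the scheduled task will faithfully execute whatever is at that path. For a lab about integrity this deserves at least a sentence: place the script and the known-good image in a directory writable only by administrators (and, as the stronger option, sign the script and run with `-ExecutionPolicy AllSigned` instead of `Bypass`). Smaller points in the same hunk: the text says "Change the {user}" but the command contains `C:\Users\user` with no braces, so use one placeholder form in both; rather than pasting the whole command line into "Program/script:" and relying on the "It appears as though arguments have been included" prompt shown in 04B, state that the program is `powershell.exe` and the rest goes into "Add arguments (optional)"; Activity 8's "you should get the powershell screen" only holds when the General tab is left at "Run only when user is logged on", and with "Run whether user is logged on or not" the window is invisible and `timeout /t -1` leaves the task stuck in Running, so say which option the screenshot in 02A assumes; Activity 6 ("Design your task's settings") tells the reader to open the "Conditions" tab, a copy-paste of Activity 5 that should read "Settings"; the `timeout /t -1` snippet is fenced as `cmd` although it goes into a .ps1 file; Activity 7 can be "press F5 or click Refresh" rather than closing and reopening the application; the Task Scheduler quote carries a stray Wikipedia citation marker `System Agent[1]`; and typos "ther Start icon", "dirCkecker.ps1", "yo continue", "neccesarily", "were you clicked", "delete it all together" (altogether). Finally, this hunk deletes the `## Solutions` section and its link to `/files/lab02_solution.pdf` without a replacement; confirm that dropping the solutions PDF is intended.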