Carleton University - School of Computer Science Honours Project
Fall 2019
Overwatch: Data Tampering Prevention
Cole Macdonald
ABSTRACT
Ransomware can be generalized as unauthorized user file modification on a computer’s operating system. A computer’s operating system is built upon a kernel that acts as a mediator between the operating system and machine code. Therefore, every file change must go through the kernel. The idea behind Overwatch is to collect user-level file system activity, analyze the data, and apply a policy to prevent tampering. This is achieved by using a benign rootkit that hooks system calls and creates a log to be examined. Overwatch is the central server to which every agent reports its logs. After investigating the activity logs, Overwatch enforces a policy on each agent.