CISSP · Question #400
Which of the following is the BEST approach for a forensic examiner to obtain the greatest amount of relevant information form malicious software?
The correct answer is A. Analyze the behavior of the program.. Behavioral analysis of malicious software provides the most comprehensive insight into its capabilities, intent, and impact by observing what it actually does when executed in a controlled environment.
Question
Options
- AAnalyze the behavior of the program.
- BExamine the file properties and permissions.
- CReview the code to identify its origin.
- DAnalyze the logs generated by the software.
How the community answered
(29 responses)- A79% (23)
- B7% (2)
- C3% (1)
- D10% (3)
Why each option
Behavioral analysis of malicious software provides the most comprehensive insight into its capabilities, intent, and impact by observing what it actually does when executed in a controlled environment.
Behavioral analysis (dynamic analysis) involves executing the malware in a sandboxed or controlled environment to observe real-time actions such as network connections, file system changes, registry modifications, and process creation. This approach reveals the malware's full functionality and intent regardless of obfuscation or packing techniques that might hide static indicators. It yields the greatest breadth of forensically relevant information, including indicators of compromise (IOCs) and attacker objectives.
Examining file properties and permissions provides limited metadata such as timestamps and ownership, but reveals almost nothing about the malware's actual functionality, payload, or behavior.
Reviewing code to identify origin (static analysis) can be hindered by obfuscation, packing, or encryption, and attributing origin is a narrow objective that does not yield the full scope of what the malware does.
Analyzing logs generated by the software is useful but secondary, as logs may be incomplete, tampered with, or not generated at all by sophisticated malware designed to evade detection.
Concept tested: Dynamic behavioral analysis of malware in forensics
Source: https://www.cisa.gov/sites/default/files/publications/Malware_Analysis_Explained.pdf
Topics
Community Discussion
No community discussion yet for this question.