GCIH · Question #750
Which malware investigation approach provides a detailed log of a system's file system, network, registry and process activities?
The correct answer is A. Debugging. Dynamic debugging captures real-time interactions of malware with the host system, producing detailed logs of file, network, registry, and process activity.
Question
Which malware investigation approach provides a detailed log of a system's file system, network, registry and process activities?
Options
- ADebugging
- BContinuous
- CDisassembly
- DSnapshot
How the community answered
(16 responses)- A94% (15)
- D6% (1)
Why each option
Dynamic debugging captures real-time interactions of malware with the host system, producing detailed logs of file, network, registry, and process activity.
Debugging in malware analysis refers to dynamic analysis where malware is executed in a controlled environment while monitoring tools capture all system interactions in real time. This approach records file system changes, network connections, registry modifications, and process creation continuously, making it ideal for understanding malware behavior at runtime.
Continuous is not a recognized standard approach in malware analysis methodology and does not describe a technique that produces detailed behavioral logs.
Disassembly is a static analysis technique that converts binary code into assembly language for offline review - it does not execute the malware or generate runtime logs of system activity.
Snapshot analysis compares system state before and after malware execution to identify changes, but does not produce a continuous detailed log of activities as they occur in real time.
Concept tested: Malware analysis - dynamic debugging behavioral logging
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-83r1.pdf
Topics
Community Discussion
No community discussion yet for this question.