nerdexam
GIAC

GCIH · Question #750

Which malware investigation approach provides a detailed log of a system's file system, network, registry and process activities?

The correct answer is A. Debugging. Dynamic debugging captures real-time interactions of malware with the host system, producing detailed logs of file, network, registry, and process activity.

Malware Analysis & Advanced Persistent Threats

Question

Which malware investigation approach provides a detailed log of a system's file system, network, registry and process activities?

Options

  • ADebugging
  • BContinuous
  • CDisassembly
  • DSnapshot

How the community answered

(16 responses)
  • A
    94% (15)
  • D
    6% (1)

Why each option

Dynamic debugging captures real-time interactions of malware with the host system, producing detailed logs of file, network, registry, and process activity.

ADebuggingCorrect

Debugging in malware analysis refers to dynamic analysis where malware is executed in a controlled environment while monitoring tools capture all system interactions in real time. This approach records file system changes, network connections, registry modifications, and process creation continuously, making it ideal for understanding malware behavior at runtime.

BContinuous

Continuous is not a recognized standard approach in malware analysis methodology and does not describe a technique that produces detailed behavioral logs.

CDisassembly

Disassembly is a static analysis technique that converts binary code into assembly language for offline review - it does not execute the malware or generate runtime logs of system activity.

DSnapshot

Snapshot analysis compares system state before and after malware execution to identify changes, but does not produce a continuous detailed log of activities as they occur in real time.

Concept tested: Malware analysis - dynamic debugging behavioral logging

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-83r1.pdf

Topics

#dynamic malware analysis#behavioral analysis#process monitoring#debugging

Community Discussion

No community discussion yet for this question.

Full GCIH Practice