Table of Contents
Question
Chong-lee, a forensics executive, suspects that a malware is continuously making copies of files and folders on a victim system to consume the available disk space. What type of test would confirm his claim?
A. File fingerprinting
B. Identifying file obfuscation
C. Static analysis
D. Dynamic analysis
Answer
D. Dynamic analysis
Explanation
The correct answer is D. Dynamic analysis.
Dynamic analysis is a type of malware analysis that involves running the malware in a controlled environment and observing its behavior. This can be done in a virtual machine or on a dedicated system that is isolated from the rest of the network. By observing the malware’s behavior, analysts can gain insights into its capabilities, including whether it is capable of making copies of files and folders.
File fingerprinting, identifying file obfuscation, and static analysis are all techniques that can be used to analyze malware, but they are not as effective at detecting malware that is capable of making copies of files and folders. File fingerprinting involves comparing the hash of a file to a known database of malware hashes. Identifying file obfuscation involves looking for techniques that are used to hide the malicious code in a file. Static analysis involves examining the code of a file without running it.
Dynamic analysis is the most effective way to detect malware that is capable of making copies of files and folders. This is because dynamic analysis allows analysts to see the malware in action and to observe its behavior. This can help analysts to identify the malware’s capabilities and to develop strategies for removing it from a system.
Here are some of the benefits of using dynamic analysis for malware analysis:
- It can detect malware that is not detected by other methods. Static analysis and file fingerprinting can only detect malware that is known to exist. Dynamic analysis can detect malware that is new or that has been obfuscated.
- It can provide insights into the malware’s capabilities. By observing the malware’s behavior, analysts can gain insights into its capabilities, such as its ability to steal data, spread to other systems, or launch attacks.
- It can help to develop strategies for removing the malware. By understanding how the malware works, analysts can develop strategies for removing it from a system.
Here are some of the challenges of using dynamic analysis for malware analysis:
- It can be time-consuming. Dynamic analysis can take longer than other methods, such as static analysis.
- It can be risky. Running malware in a controlled environment can pose a risk to the system that is running the malware.
- It requires specialized skills. Dynamic analysis requires specialized skills and knowledge.
Despite the challenges, dynamic analysis is a valuable tool for malware analysis. It can be used to detect malware that is not detected by other methods, to provide insights into the malware’s capabilities, and to help to develop strategies for removing the malware.
Reference
- Ransomware Attacks and Types | How do Locky, Petya and other ransomware differ? (kaspersky.com)
- Computer Hacking Forensic Investigator (CHFI) | Digital Forensics Course | EC-Council (eccouncil.org)
- Computer Hacking Forensic Investigator (C|HFI) – EC-Council (eccouncil.org)
- Computer Hacking Forensic Investigator (C|HFI) Archives – EC-Council (eccouncil.org)
- How to Remove a Virus Creating Shortcuts For Files and Folders in Pen Drives, Memory Cards and USB Drives (a Shortcut Virus) (hetmanrecovery.com)
- Ransomware detection and recovering your files – Microsoft Support
ECCouncil Computer Hacking Forensic Investigator CHFI 312-49v10 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the ECCouncil Computer Hacking Forensic Investigator CHFI 312-49v10 exam and earn ECCouncil Computer Hacking Forensic Investigator CHFI 312-49v10 certification.