CompTIA CASP+ (CAS-004) — Question 207

A digital forensics expert has obtained an ARM binary suspected of including malicious behavior. The expert would like to trace and analyze the ARM binary’s execution. Which of the following tools would BEST support this effort?

Answer options

• A. objdump
• B. OllyDbg
• C. FTK Imager
• D. Ghidra

Correct answer: D

Explanation

Ghidra is a powerful reverse engineering tool that provides capabilities for analyzing ARM binaries, making it the best choice for tracing and analyzing execution. OllyDbg is primarily focused on x86 binaries and would not be suitable for ARM. objdump is useful for disassembly but lacks the comprehensive analysis features of Ghidra. FTK Imager is designed for disk imaging and forensic analysis, not specifically for binary execution analysis.