Computer Hacking Forensic Investigator (CHFI) — Question 81

Chong-lee, a forensics executive, suspects that a malware is continuously making copies of files and folders on a victim system to consume the available disk space. What type of test would confirm his claim?

Answer options

• A. File fingerprinting
• B. Identifying file obfuscation
• C. Static analysis
• D. Dynamic analysis

Correct answer: A

Explanation

File fingerprinting is the correct choice because it allows for the identification of duplicate files based on their unique signatures, confirming if malware is creating copies. Identifying file obfuscation, static analysis, and dynamic analysis do not directly address the issue of file duplication and would not provide the necessary evidence to support his claim.