Computer Hacking Forensic Investigator (CHFI v10) — Question 161

Chong-lee, a forensics executive, suspects that a malware is continuously making copies of files and folders on a victim system to consume the available disk space. What type of test would confirm his claim?

Answer options

• A. File fingerprinting
• B. Identifying file obfuscation
• C. Static analysis
• D. Dynamic analysis

Correct answer: D

Explanation

Dynamic analysis is the correct answer because it involves observing the behavior of the malware in real-time, which can reveal if it is making copies of files. The other options, like static analysis, focus on examining the code without executing it, which would not provide evidence of the malware's active behavior.