Computer Hacking Forensic Investigator (CHFI v10) — Question 217
Brian has the job of analyzing malware for a software security company. Brian has setup a virtual environment that includes virtual machines running various versions of OSes. Additionally, Brian has setup separated virtual networks within this environment. The virtual environment does not connect to the company's intranet nor does it connect to the external Internet. With everything setup, Brian now received an executable file from client that has undergone a cyberattack.
Brian ran the executable file in the virtual environment to see what it would do. What type of analysis did Brian perform?
Answer options
- A. Status malware analysis
- B. Static OS analysis
- C. Static malware analysis
- D. Dynamic malware analysis
Correct answer: D
Explanation
Brian performed dynamic malware analysis because he executed the malware in a controlled environment to observe its behavior in real-time. This contrasts with static analysis, where the code is examined without execution, which would not provide insights into its runtime behavior. The other options do not accurately describe the nature of the analysis he conducted.