Computer Hacking Forensic Investigator (CHFI v10) — Question 266
Robert is a regional manager working in a reputed organization. One day, he suspected a malware attack after unwanted programs started to pop up after he logged into his computer. The network administrator was called upon to trace any intrusion on the computer and found that suspicious activity had taken place within Autostart locations. In this situation, which of the following tools is used by the network administrator to detect any intrusion on a system?
Answer options
- A. Hex Editor
- B. Internet Evidence Finder
- C. Process Monitor
- D. Report Viewer
Correct answer: C
Explanation
Process Monitor is the correct choice: it provides real-time monitoring of file system, registry, and process/thread activity, which makes it well suited to detecting intrusions such as the suspicious activity in Autostart locations described in the scenario. Hex Editor and Internet Evidence Finder are not specifically designed for intrusion detection, and Report Viewer is primarily used for viewing reports rather than monitoring system activity.