Computer Hacking Forensic Investigator (CHFI v10) — Question 274
Matthew has been assigned the task of analyzing a suspicious MS Office document via static analysis on an Ubuntu-based forensic machine. He wants to see what type of document it is, whether it is encrypted, and whether it contains any Flash objects or VBA macros. Which of the following Python-based scripts should he run to get the relevant information?
Answer options
- A. oleid.py
- B. oleform.py
- C. oledir.py
- D. pdfid.py
Correct answer: A
Explanation
The correct answer is oleid.py, as it is specifically designed to analyze OLE files and can identify document types, encryption, and embedded objects like VBA macros. The other options, while related to OLE files, do not provide the same level of analysis for document type and encryption as oleid.py does.