Computer Hacking Forensic Investigator (CHFI v10) — Question 381

Harry has collected a suspicious executable file from an infected system and seeks to reverse its machine code to instructions written in assembly language.
Which tool should he use for this purpose?

Answer options

• A. HashCalc
• B. Ollydbg
• C. BinText
• D. oledump

Correct answer: B

Explanation

Ollydbg is a powerful debugger specifically designed for analyzing and debugging executable files, making it the best choice for converting machine code to assembly language. HashCalc is used for calculating hashes, BinText extracts text from binaries, and oledump is used for analyzing OLE files, none of which are suitable for reverse engineering executable files.