Computer Hacking Forensic Investigator (CHFI v10) — Question 394
A Forensic Investigator is examining a potential malware incident on a corporate network. The investigator believes the malware might hide in the system's device drivers or alter system files and folders. Which combination of tools would be the most effective for uncovering and analyzing any potential malware hidden in these locations?
Answer options
- A. DriverView and SIGVERIF for device driver analysis and unsigned driver detection
- B. PA File Sight and WinMD5 for file and folder monitoring and MD5 hash value computation
- C. DriverView and FastSum for device driver analysis and file integrity checking
- D. PA File Sight and SIGVERIF for file and folder monitoring and unsigned driver detection
Correct answer: A
Explanation
The correct answer, A, pairs DriverView, which enumerates and analyzes the device drivers loaded on the system, with SIGVERIF, which verifies digital signatures and flags unsigned drivers, making this combination well suited to uncovering malware hidden in device drivers. Options B and D focus on file and folder monitoring but do not address device driver analysis. Option C pairs DriverView with FastSum, a checksum utility for file integrity checking; hashing files is less effective than SIGVERIF's signature verification for detecting unsigned drivers.