Computer Hacking Forensic Investigator (CHFI v10) — Question 437

During a complex malware investigation, a forensic investigator found a binary executable suspected to contain malicious code. The investigator decides to perform static malware analysis to identify and analyze the threat. Which of the following actions should be performed next by the investigator to reveal essential information about the executable's functionalities and features?

Answer options

• A. Performing a string search in the binary using ResourcesExtract tool
• B. Submitting the executable to VirusTotal for online scanning
• C. Disassembling the binary executable to study its structure and functionality
• D. Calculating the cryptographic hash of the binary file for file fingerprinting

Correct answer: C

Explanation

The correct answer is C because disassembling the binary allows the investigator to analyze its code structure and understand its functionalities in depth. Options A and B provide limited information compared to disassembly, as they either search for strings or rely on external databases. Option D, while useful for verifying file integrity, does not provide insights into the code's behavior or features.