Computer Hacking Forensic Investigator (CHFI v10) — Question 456
A cybersecurity investigator is working on a case involving a malicious executable suspected of being packed using a popular program packer. The investigator realizes that the packer used is password-protected. In such a scenario, what should be the investigator's first course of action to analyze the packed file?
Answer options
- A. Mount compound files
- B. Perform static analysis on the packed file
- C. Decrypt the password to unpack the file
- D. Run the packed file in a controlled environment for dynamic analysis
Correct answer: C
Explanation
The correct answer is C because decrypting the password is essential to gain access to the contents of the packed file. Until the password is decrypted, neither static analysis nor dynamic analysis can be performed effectively on the packed contents. Mounting compound files does not directly address the password protection.