Computer Hacking Forensic Investigator (CHFI v10) — Question 552

An investigator is examining a file to identify any potentially malicious content. To avoid code execution and still be able to uncover hidden indicators of compromise (IOC), which type of examination should the investigator perform:

Answer options

• A. Dynamic analysis
• B. Threat hunting
• C. Threat analysis
• D. Static analysis

Correct answer: D

Explanation

Static analysis is the correct choice because it involves examining the file's code without executing it, which helps in identifying hidden IOCs safely. Dynamic analysis, on the other hand, involves running the code, which could trigger malicious actions. Threat hunting and threat analysis are broader strategies that do not specifically focus on safe file examination.