Computer Hacking Forensic Investigator (CHFI v10) — Question 558
An experienced forensic investigator, Chris, is tasked with preparing a testbed for malware analysis. Given the complexity of the malware samples, which are mostly compatible with Windows binary executables, Chris must take meticulous precautions to ensure the integrity of the lab environment. Which of the following procedures would Chris NOT be likely to follow in preparing the testbed for malware analysis?
Answer options
- A. Installing a guest OS such as Ubuntu in virtual machines that will serve as forensic workstations
- B. Enabling shared folders and guest isolation allows easy data transfer between host and guest operating systems
- C. Using tools such as INetSim to simulate internet services while ensuring that the NIC card is in "host only" mode
- D. Creating a snapshot of the virtual machine state prior to malware analysis for easy reversion in case of accidental system corruption
Correct answer: B
Explanation
The correct answer is B: enabling shared folders and guest isolation opens a data path between the guest and the host, which can expose the host system to risk and runs contrary to the precautions a secure malware analysis environment requires. Options A, C, and D are all valid practices that enhance safety and control during the analysis process.