Computer Hacking Forensic Investigator (CHFI v10) — Question 592

A Computer Hacking Forensic Investigator (CHFI) is conducting an analysis of malware obtained from a Darknet source. The CHFI is preparing to run the malware in a controlled environment and plans to record the malware's behavior for further investigation. Based on the available supporting tools, which combination would best suit the CHFI's needs in this scenario?

Answer options

• A. Virtual Box for virtualization, QualNet for network simulation, and Camtasia for screen capture and recording
• B. Parallels Desktop 16 for virtualization, ns-3 for network simulation, and Ezvid for screen capture and recording
• C. VMware vSphere Hypervisor for virtualization, Riverbed Modeler for network simulation, and Genie Backup Manager Pro for OS backup and imaging
• D. Virtual Box for virtualization, NetSim for network simulation, and Snagit for screen capture and recording

Correct answer: D

Explanation

The correct answer is D, as it includes Virtual Box, which is a widely used virtualization tool, NetSim for effective network simulation, and Snagit for capturing and recording the screen activities. Options A, B, and C include tools that are either not as suitable for the task at hand or do not provide the necessary capabilities for recording the malware's behavior effectively.