Computer Hacking Forensic Investigator (CHFI v10) — Question 599
As part of an ongoing investigation, a CHFI is tasked with identifying and analyzing stealthy malware that has caused severe damage to a major corporation's systems. The malware has left minimal traces, demonstrating its sophisticated nature. It's also believed that the malware originated from the dark web. Based on the available information, what should be the investigator's priority in the malware forensic process?
Answer options
- A. Immediately searching the dark web for similar malware signatures
- B. Creating a list of IoCs from other machines in the network to check for malware presence
- C. Setting up a controlled malware analysis lab to study the behavior of the malware
- D. Sending a copy of the malware to anti-virus companies for urgent signature development
Correct answer: C
Explanation
The correct answer is C because setting up a controlled (isolated) malware analysis lab lets the investigator observe the malware's behavior safely and in detail, which is essential for understanding a sample that leaves minimal traces on victim systems and for developing effective countermeasures. Options A and D, while potentially useful later, do not prioritize direct analysis of the malware itself. Option B focuses on checking other hosts for the malware's presence, but without a behavioral analysis there are no reliable IoCs to search for, and it does not aid in understanding the malware's specific characteristics or behavior.