GIAC Certified Incident Handler (GCIH) — Question 43
Which malware investigation approach provides a detailed log of a system’s file system, network, registry and process activities?
Answer options
- A. Debugging
- B. Continuous
- C. Disassembly
- D. Snapshot
Correct answer: A
Explanation
The correct answer is A, Debugging, as it allows for a thorough examination of a system's operations, capturing extensive logs. Options B and D do not focus on detailed logging but rather on ongoing processes and state capture, respectively. Option C, Disassembly, pertains to analyzing code rather than monitoring system activity.