Certified Information Systems Security Professional (CISSP) — Question 327

Which of the following BEST describes the purpose of software forensics?

Answer options

• A. To analyze possible malicious intent of malware
• B. To perform cyclic redundancy check (CRC) verification and detect changed applications
• C. To determine the author and behavior of the code
• D. To review program code to determine the existence of backdoors

Correct answer: C

Explanation

The correct answer is C, as software forensics is primarily concerned with identifying the author of a piece of code and understanding its behavior. Options A, B, and D, while relevant to security assessments, do not encapsulate the core purpose of software forensics, which is focused on attribution and analysis of code origin and functionality.