Chong-lee, a forensics executive, suspects that a malware is continuously making copies of files and folders on a victim system to consume the available disk space. What type of test would confirm his claim?
To confirm the suspicion that malware is making copies of files and folders to consume available disk space, the most appropriate test would be dynamic analysis. Dynamic analysis involves observing and monitoring the system's behavior in real-time while it is running or executing. By doing so, one can track file system activity, monitor disk space usage, and identify any significant changes that indicate the creation of multiple file copies. This approach provides direct evidence of the malware's impact on the system's disk space in contrast to other methods which do not actively monitor real-time behavior.
Dynamic Analysis makes much more sense. Mark starting disk space, start the malware, and then monitor disk space usage with no other activity taking place.
D. Dynamic analysis
Steps Involved in Dynamic Analysis:
Isolate the System: Ensure that the system is isolated from the network to prevent the malware from spreading or communicating with external servers.
Use a Sandbox Environment: Execute the malware in a sandbox environment or a virtual machine to safely observe its behavior without risking the actual system.
Monitor File System Activity: Use tools like Process Monitor or Sysinternals Suite to track file creation, modification, and deletion events in real-time.
Track Disk Usage: Monitor disk space usage to identify any significant changes that might indicate the creation of multiple copies of files.
Log Analysis: Review logs generated during the dynamic analysis to gather evidence of the malware’s activities.
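The baseline-then-observe procedure described in the comments above, as an added example that is not part of any original post: it snapshots a directory tree before and after an observation window and reports which new files are byte-for-byte copies of baseline content. The function names, the temporary directory standing in for the isolated VM's disk, and the sample files are all constructed assumptions.

```python
import hashlib, os, shutil, tempfile

def snapshot(root):
    """Map each file's relative path to (size, sha256 of content)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:  # whole-file read; fine for small test sets
                    digest = hashlib.sha256(fh.read()).hexdigest()
                snap[os.path.relpath(full, root)] = (os.path.getsize(full), digest)
            except OSError:
                continue  # file vanished or is locked between walk and read
    return snap

def compare(before, after):
    """Report new files, which of them duplicate baseline content, and byte growth."""
    known = {digest for _size, digest in before.values()}
    new = {p: v for p, v in after.items() if p not in before}
    copies = sorted(p for p, (_s, d) in new.items() if d in known)
    growth = sum(s for s, _ in after.values()) - sum(s for s, _ in before.values())
    return {"new_files": sorted(new), "copies": copies, "bytes_added": growth}

def demo():
    """Constructed sample: a temp directory stands in for the isolated VM's disk."""
    root = tempfile.mkdtemp(prefix="dyn_analysis_")
    try:
        with open(os.path.join(root, "report.txt"), "wb") as fh:
            fh.write(b"A" * 1000)
        baseline = snapshot(root)                      # step 1: mark the starting state
        free_before = shutil.disk_usage(root).free
        # Stand-in for what happens during the observation window (constructed).
        os.mkdir(os.path.join(root, "dup"))
        for i in range(3):
            shutil.copy(os.path.join(root, "report.txt"),
                        os.path.join(root, "dup", f"report_{i}.txt"))
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"unrelated")
        result = compare(baseline, snapshot(root))     # step 2: diff against baseline
        result["free_delta"] = shutil.disk_usage(root).free - free_before
        return result
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    print(demo())
```

Matching on content hash rather than file name is what separates copies from ordinary new files: `notes.txt` is reported as new but not as a copy.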
A < Fingerprinting can test.
D. Dynamic analysis
Dynamic analysis involves observing the behavior of a system or software while it is running or executing. In this case, Chong-lee suspects that a malware is consuming disk space by continuously making copies of files and folders. Dynamic analysis would involve monitoring the system's behavior in real-time to observe any unusual or unexpected activity that confirms the claim. This could include monitoring disk space usage, file creation and deletion, and other system activities to determine if a malware is indeed performing the described behavior.
File Fingerprinting is part of the Static Analysis. The question is a bit unclear in my opinion.