An investigator is examining a file to identify any potentially malicious content. To avoid code execution and still be able to uncover hidden indicators of compromise (IOC), which type of examination should the investigator perform:
An investigator is examining a file to identify any potentially malicious content. To avoid code execution and still be able to uncover hidden indicators of compromise (IOC), which type of examination should the investigator perform:
The correct examination technique for an investigator to avoid code execution while identifying potentially malicious content is static analysis. Static analysis involves examining the file's code, structure, and metadata without running the file, thus eliminating the risk of executing any malicious code. This method allows the investigator to uncover hidden indicators of compromise (IOC) such as suspicious code patterns and embedded malicious payloads safely.
D. Static analysis Explanation: Static Analysis: This involves examining the file without executing it. The investigator analyzes the file’s code, structure, and metadata to uncover indicators of compromise (IOCs) such as suspicious code patterns, embedded malicious payloads, and other characteristics that might indicate malicious intent. Dynamic Analysis: This involves executing the file in a controlled environment to observe its behavior. This approach can potentially execute malicious code, so it's not suitable if the goal is to avoid code execution. Threat Hunting: This is a proactive approach to searching for signs of malicious activities within the network or systems. It's broader and may involve dynamic analysis among other techniques. Threat Analysis: This generally refers to assessing the threat landscape, understanding threats, and their potential impacts, which is not specific to examining a file for malicious content.