Exam 312-49v10 topic 1 question 515 discussion

D. Dynamic analysis

Steps Involved in Dynamic Analysis: Isolate the System: Ensure that the system is isolated from the network to prevent the malware from spreading or communicating with external servers. Use a Sandbox Environment: Execute the malware in a sandbox environment or a virtual machine to safely observe its behavior without risking the actual system. Monitor File System Activity: Use tools like Process Monitor or Sysinternals Suite to track file creation, modification, and deletion events in real-time. Track Disk Usage: Monitor disk space usage to identify any significant changes that might indicate the creation of multiple copies of files. Log Analysis: Review logs generated during the dynamic analysis to gather evidence of the malware’s activities.

A < Fingerprinting can test.

D. Dynamic analysis Dynamic analysis involves observing the behavior of a system or software while it is running or executing. In this case, Chong-lee suspects that a malware is consuming disk space by continuously making copies of files and folders. Dynamic analysis would involve monitoring the system's behavior in real-time to observe any unusual or unexpected activity that confirms the claim. This could include monitoring disk space usage, file creation and deletion, and other system activities to determine if a malware is indeed performing the described behavior.

Dynamic Analysis makes much more sense. Mark starting disk space, start the malware, and then monitor disk space usage with no other activity taking place.

File Fingerprinting is part of the Static Analysis. The question is a bit unclear in my opinion.