
Exam 312-49v10 topic 1 question 731 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 731
Topic #: 1

A forensic investigator encounters a suspicious executable on a compromised system, believed to be packed using a known program packer, and is password-protected. The investigator has knowledge of the tool used for packing and has the corresponding unpacking tool. What should be the next best course of action to examine the executable?

  • A. Use the unpacking tool to decompress the executable, without dealing with the password
  • B. Run a dynamic analysis on the packed executable in a controlled environment
  • C. Decrypt the password to unpack the executable before analyzing
  • D. Use reverse engineering to understand the attack tool hidden inside
Suggested Answer: B

Comments

aqeel1506
4 months ago
Option A: Use the unpacking tool to decompress the executable, without dealing with the password.
Efficiency: Using the unpacking tool designed for the specific packer is the most direct and efficient method. If the tool can bypass the password protection, it will save considerable time and effort.
Best Practice: According to the CHFI v10 textbook, using the known and appropriate tools for unpacking executables is recommended as the first step. This aligns with best practices for handling packed files in forensic investigations.
upvoted 1 times
ala76nl
4 months, 2 weeks ago
Selected Answer: C
Same question as earlier
upvoted 1 times
Elb
5 months, 2 weeks ago
Best course of action to examine the executable is dynamic analysis.
upvoted 1 times
Elb
5 months, 4 weeks ago
Selected Answer: B
In the case of executable files, these programs carry unpackers built into them as well, which unpack the file when a user tries to run it and install the executable on the host system. Some of the widely used packers are UPX, PECompact, BurnEye, Exe Stealth Packer, Smart Packer Pro, etc. Investigators can dynamically analyze these packed executables by running them in a controlled environment and observing their behavior.
upvoted 1 times
Elb
5 months, 4 weeks ago
C > The packers compress the files using various algorithms. Hence, unless the investigators know the tool that has been used to pack the file and have a tool to unpack it, they will not be able to access it. Program packers that are password-protected can pose a challenge during investigation as investigators need to first decrypt the password to unpack the file.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other