0 votes
A company wants to perform analysis of a tool that is suspected to contain a malicious payload. A forensic analyst is given the following snippet:

^32^[34fda19(fd^43gfd/home/user/lib/ .343jk^rfw(342fds43g

Which of the following did the analyst use to determine the location of the malicious payload?

A. Code deduplicators
B. Binary reverse-engineering
C. Fuzz testing
D. Security containers

by User Mxc (7.7k points)

1 Answer

3 votes

Final answer:

The forensic analyst likely used binary reverse-engineering to examine the binary code and identify the location of the malicious payload within the tool's file system. So, the correct option is B. Binary reverse-engineering.

Step-by-step explanation:

In order to determine the location of a malicious payload in a tool, a forensic analyst might employ several techniques, with binary reverse-engineering being a common approach.

Binary reverse-engineering involves examining the binary code of the tool to understand its structure and functionality.

This technique can reveal hidden or obfuscated code segments that may contain a malicious payload.

Since the snippet provided includes a file path (/home/user/lib/), the analyst likely used their skills in binary reverse-engineering to pinpoint the location within the tool's file system where the suspicious code resides.

So, the correct option is B. Binary reverse-engineering.

by User Noamyg (7.8k points)
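
As an added illustration (not part of the original question or answer), the sketch below shows one basic static-analysis step that surfaces an embedded path like the one in the question's snippet: extracting printable strings from a binary and reporting the offsets of path-like substrings. The function names and the padding bytes placed around the snippet are assumptions made for the example.

```python
import re

# Constructed sample: the snippet from the question, taken literally as ASCII,
# wrapped in a few non-printable padding bytes (the padding is an assumption).
SNIPPET = b"^32^[34fda19(fd^43gfd/home/user/lib/ .343jk^rfw(342fds43g"
SAMPLE_BLOB = b"\x00\x01\x02\x03" + SNIPPET + b"\x00\xff\xfe"

# An absolute Unix-style path: one or more "/component" parts, optional trailing "/".
PATH_RE = re.compile(r"(?:/[A-Za-z0-9._-]+)+/?")


def printable_runs(blob, min_len=4):
    """Return (offset, text) for each run of printable ASCII of at least min_len
    bytes, similar to what the `strings` utility reports."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(blob)]


def find_paths(blob, min_len=4, min_components=2):
    """Return (absolute_offset, path) for path-like substrings in printable runs.

    min_components filters out short matches such as "/x" that are common in
    random data and rarely meaningful."""
    hits = []
    for run_offset, text in printable_runs(blob, min_len):
        for m in PATH_RE.finditer(text):
            components = [c for c in m.group().split("/") if c]
            if len(components) >= min_components:
                hits.append((run_offset + m.start(), m.group()))
    return hits


if __name__ == "__main__":
    for offset, path in find_paths(SAMPLE_BLOB):
        print(f"0x{offset:04x}  {path}")
```

The reported offset gives the analyst a starting point for continuing the examination in a hex editor or disassembler.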