Investigating Anomalous Behavior on Corporate-Owned Mobile Device | CompTIA CASP+ Exam Prep

Characterizing Malicious Behavior on Mobile Device with Application Whitelisting

Question

An analyst is investigating anomalous behavior on a corporate-owned, corporate-managed mobile device that has application whitelisting enabled, with the whitelist based on a name string.

The employee to whom the device is assigned reports the approved email client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the 'compose' window.

Which of the following would provide the analyst the BEST chance of understanding and characterizing the malicious behavior?

Explanations

The analyst is investigating anomalous behavior on a corporate-owned, corporate-managed mobile device with application whitelisting enabled, based on a name string. The employee reports that the approved email client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the compose window. The goal of the analyst is to understand and characterize the malicious behavior.

Option A, reverse engineering the application binary, involves analyzing the compiled code of the email client. This may provide some insight into how the email client is behaving, but it is unlikely to be the best option for characterizing the malicious behavior in this situation.

Option B, performing static code analysis on the source code, would require access to the source code of the email client. This is unlikely to be available to the analyst, as the email client is likely a commercial product developed by a third-party vendor.

Option C, analyzing the device firmware via the JTAG interface, involves connecting to the device's debug interface to access the firmware. While this may provide some insight into the behavior of the email client, it is unlikely to be the best option for understanding and characterizing the malicious behavior.

Option D, changing to a whitelist that uses cryptographic hashing, is not directly relevant to understanding and characterizing the malicious behavior of the email client.

Option E, penetration testing the mobile application, involves actively testing the security of the application and its underlying systems. This would provide the analyst with a better chance of understanding and characterizing the malicious behavior of the email client.

Therefore, option E, penetration testing the mobile application, would provide the analyst with the BEST chance of understanding and characterizing the malicious behavior. By performing a penetration test, the analyst can identify vulnerabilities in the email client and determine how the attacker is exploiting these vulnerabilities to carry out the malicious behavior.
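The question turns on a whitelist keyed by name string, and option D raises the hash-based alternative. The following added example (not part of the original exam material) shows why the two policies differ for a modified email client, and how a defender can use a known-good hash to triage the reported device. The package name, the sample "binaries" and the hash values are constructed for the example.

```python
import hashlib

# Constructed stand-ins for installed app packages (real ones would be APK/IPA bytes).
APPROVED_CLIENT = b"corp-mail-client v4.2 build 1187"
TAMPERED_CLIENT = APPROVED_CLIENT + b"\x00injected-module-opens-browser-adds-recipients"

# Constructed package name used by both the approved and the tampered build.
CLIENT_NAME = "com.example.corpmail"

# Weak policy from the question: the allowlist matches on name string only.
NAME_ALLOWLIST = {CLIENT_NAME}


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the package bytes, the identity a hash-based allowlist uses."""
    return hashlib.sha256(data).hexdigest()


# Stronger policy (option D): the allowlist holds the hash of the approved build.
HASH_ALLOWLIST = {sha256_hex(APPROVED_CLIENT)}


def allowed_by_name(app_name: str) -> bool:
    return app_name in NAME_ALLOWLIST


def allowed_by_hash(package_bytes: bytes) -> bool:
    return sha256_hex(package_bytes) in HASH_ALLOWLIST


def triage(app_name: str, package_bytes: bytes) -> str:
    """Characterize an installed package against both policies.

    A name match with a hash mismatch is the case the question describes:
    an 'approved' client that no longer matches the vendor's known-good build
    and should be collected for analysis rather than trusted.
    """
    name_ok = allowed_by_name(app_name)
    hash_ok = allowed_by_hash(package_bytes)
    if name_ok and hash_ok:
        return "known-good build"
    if name_ok and not hash_ok:
        return "name matches but build differs: collect package for analysis"
    return "not on allowlist"
```

Running `triage` on `APPROVED_CLIENT` and `TAMPERED_CLIENT` shows the name-only policy accepting both while the hash policy flags the modified build.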