What information is shared by a deep file analysis?
Correct Answer: A
Command history, process history, and code change history are not reported.
Only Registry modifications are reported.
Deep file analysis results contain the file's activities, behaviors, and artifacts, such as dropped files, registry changes, and IP communication.
Deep file analysis is the process of analyzing the contents of a file to identify potential threats or vulnerabilities. It involves analyzing the file at a binary level, looking for any hidden or malicious code that could be used to exploit a system.
During the deep file analysis, the following information could be shared:
A. Registry Modifications: The registry is a database that stores configuration settings and other information for the operating system and applications. Registry modifications refer to changes made to the registry by the file being analyzed. By examining registry modifications, analysts can determine if the file made any unauthorized changes to the system.
B. Code change history: This information refers to any modifications that have been made to the code over time. By analyzing the code change history, analysts can identify any suspicious changes that may have been made to the file.
C. Command history: Command history refers to a log of the commands that have been executed on a system. By examining the command history, analysts can identify any suspicious commands that were executed by the file being analyzed.
D. Process history: Process history refers to a log of the processes that have been executed on a system. By examining the process history, analysts can identify any suspicious processes that were executed by the file being analyzed.
In summary, deep file analysis can provide detailed information about the inner workings of a file, including any modifications made to the code, registry, commands executed, and processes run. This information is critical for identifying potential threats or vulnerabilities that may have been introduced by the file.