According to theCHFI v11 Malware Forensics and Malware Analysis objectives, dynamic malware analysis must be performed in acontrolled, isolated, and well-monitored environmentto both observe malicious behavior and prevent unintended spread to production systems. A key requirement of such an environment is the ability tomonitor and record all system-level changesmade by the malware during execution.
Host Integrity Monitoring (HIM)plays a critical role in dynamic malware analysis by tracking modifications tofiles, registry keys, services, processes, startup locations, system calls, and configuration settings. CHFI v11 emphasizes system behavior analysis as a core component of malware forensics, including monitoring registry artifacts, file system changes, persistence mechanisms, and process activity. HIM enables investigators to safely analyze malware impact while maintaining forensic visibility and containment.
The other options are not aligned with CHFI v11 best practices.Disabling antivirus softwareweakens security controls but does not ensure containment or safety.Running malware on physical machinesincreases the risk of permanent damage and network propagation, which contradicts CHFI guidelines favoring sandboxed or virtualized environments.Using outdated operating systemsdoes not contribute to safety and may introduce irrelevant vulnerabilities.
CHFI v11 strongly advocatescontrolled malware analysis labswith monitoring mechanisms that capture behavioral indicators without exposing production assets. Therefore, implementinghost integrity monitoringis a key design aspect that supports bothsafe containment and effective behavioral analysis, makingOption Athe correct and CHFI-verified answer.
