Williams, a forensic specialist, was tasked with performing a static malware analysis on a suspect system in an organization. For this purpose, Williams used an automated tool to perform a string search and saved all the identified strings in a text file. After analyzing the strings, he determined all the harmful actions that were performed by malware.
Identify the tool employed by Williams in the above scenario.
In static malware analysis, one of the quickest ways to infer capability is to extract and review strings embedded in a binary. Strings frequently reveal command-and-control domains/IPs, mutex names, file paths, registry keys, user-agent values, suspicious commands (PowerShell/cmd), API names, error messages, encryption markers, and configuration fragments. Investigators often use automated utilities to extract these readable artifacts and export them to a text file for later triage, keyword searching, and correlation with other evidence (network logs, endpoint telemetry, and threat intel).
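As an added illustration of the workflow above (not the tool asked about in the question, and not code from the page), the following Python script extracts printable ASCII and UTF-16LE strings from a constructed sample byte blob, groups them by the kind of indicator they suggest, and can save the raw list to a text file for later triage. The sample bytes, the category names and the regexes are assumptions chosen for the demonstration.

```python
import re

# Constructed sample "binary": a few readable strings between non-printable bytes.
SAMPLE_BINARY = (
    b"\x4d\x5a\x90\x00\x03\x00\x00\x00"
    + b"http://example.invalid/gate.php\x00\x00\x01"
    + b"Global\\MyMutexName\x00\xff\xfe"
    + "powershell -enc SGVsbG8=".encode("utf-16le") + b"\x00\x00\x7f"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"Mozilla/5.0 (compatible; Bot)\x00\x02\x03"
    + b"ab\x00"  # too short to count as a string
)

def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Return printable ASCII and UTF-16LE runs of at least min_len characters,
    ordered by file offset (roughly what a strings utility prints)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    found += [(m.start(), m.group().decode("utf-16le")) for m in utf16_re.finditer(data)]
    found.sort()
    return [s for _, s in found]

# Assumed triage categories: each maps an indicator type to a pattern.
CATEGORIES = {
    "url": re.compile(r"https?://", re.I),
    "mutex": re.compile(r"^Global\\", re.I),
    "registry_run_key": re.compile(r"CurrentVersion\\Run", re.I),
    "command": re.compile(r"\b(powershell|cmd\.exe)\b", re.I),
    "user_agent": re.compile(r"^Mozilla/", re.I),
}

def triage_strings(strings: list) -> dict:
    """Group extracted strings by the first category whose pattern matches."""
    hits = {name: [] for name in CATEGORIES}
    for s in strings:
        for name, pat in CATEGORIES.items():
            if pat.search(s):
                hits[name].append(s)
                break
    return hits

def save_strings(strings: list, path: str) -> None:
    """Write one string per line, as the scenario's text-file export."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(strings) + "\n")

if __name__ == "__main__":
    for category, items in triage_strings(extract_strings(SAMPLE_BINARY)).items():
        print(category, items)
```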
Among the provided options, ResourcesExtract best matches this workflow. It is designed to extract embedded content from executable files, particularly Windows PE resources, and can export extracted textual items (including resource strings/string tables and related embedded text) into external files for analysis. This aligns with "performed a string search and saved all the identified strings in a text file."
The other choices do not fit: R-Drive Image is a disk imaging/backup tool; Ezvid is for screen recording; and Snagit is for screenshots/screen capture. They do not perform automated extraction of strings from malware binaries as a static-analysis step. Therefore, the correct answer is ResourcesExtract (B).