A vulnerability research team has detected a new variant of a stealth Trojan that disables itself
when it detects that it is running on a virtualized environment. The team decides to use dedicated
hardware and local network to identify the Trojan’s behavior and the remote DNS and IP
addresses it connects to. Which of the following tools is BEST suited to identify the DNS and IP
addresses the stealth Trojan communicates with after its payload is decrypted?
A.
HIDS
B.
Vulnerability scanner
C.
Packet analyzer
D.
Firewall logs
E.
Disassembler