A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
A. Open the document on an air-gapped network.
B. View the document's metadata for origin clues.
C. Search for matching file hashes on malware websites.
D. Detonate the document in an analysis sandbox.
A. Open the document on an air-gapped network.
B. View the document's metadata for origin clues.
C. Search for matching file hashes on malware websites.
D. Detonate the document in an analysis sandbox.