Which practice involves performing static analysis on suspicious files to understand their structure without execution?

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Multiple Choice

Which practice involves performing static analysis on suspicious files to understand their structure without execution?

Explanation:
Static analysis of suspicious files means inspecting the file itself without running it, to learn its structure, contents, and potential behavior. You look at things like headers and sections, import tables, embedded strings, metadata, and entropy to spot signs of packing, obfuscation, or malicious intent. This approach focuses on the file’s data and layout rather than its execution, which is why it fits under file/data analysis. In contrast, registry/configuration tools examine system settings, log analyzers parse logs, and network capture analyzes live traffic—all unrelated to probing a file’s internal structure without execution.
