An organization's Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO's inbox from a familiar name with an attachment. Which of the following should the CISO task a security analyst with to determine or not the attachment is safe?

1. Place it in a malware sandbox.
2. Perform a code review of the attachment.
3. Conduct a memory dump of the CFO's PC
4. Run a vulnerability scan on the email server.