Question 101:
A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
Answer options:
A. Open the document on an air-gapped network.
B. View the document's metadata for origin clues.
C. Search for matching file hashes on malware websites.
D. Detonate the document in an analysis sandbox.