>
> 1. Check for suspicious programs starting automatically
> 2. Check for suspicious running processes
> 3. Check for suspicious kernel extensions
>
> The website [Objective-See](https://objective-see.com) provides several freeware utilities that facilitate this process:
>
> - [KnockKnock](https://objective-see.com/products/knockknock.html) can be used to identify all programs that are registered to start automatically.
> - [TaskExplorer](https://objective-see.com/products/taskexplorer.html) can be used to check running processes and identify those that look suspicious (for example because they are not signed, or because they are flagged by VirusTotal).
> - [KextViewr](https://objective-see.com/products/kextviewr.html) can be used to identify any suspicious kernel extension that is loaded on the Mac computer.
>
> In case these do not reveal anything immediately suspicious and you want to perform further triage, you could use [Snoopdigg](https://github.com/botherder/snoopdigg). Snoopdigg is a utility that simplifies the process of collecting some information on the system and takes a full memory snapshot.
>
> An additional tool that could be useful to collect further details (but that requires some familiarity with terminal commands) is [AutoMacTC](https://www.crowdstrike.com/blog/automating-mac-forensic-triage/) by the American cybersecurity company CrowdStrike.
>
> 1. Check for suspicious programs starting automatically
> 2. Check for suspicious processes
> 3. Check for suspicious kernel extensions
>
> The website [Objective-See (in English)](https://objective-see.com) offers several free tools that facilitate this process:
>
> - [KnockKnock](https://objective-see.com/products/knockknock.html) can be used to identify all programs registered to start automatically.
> - [TaskExplorer](https://objective-see.com/products/taskexplorer.html) can be used to check running processes and identify those that appear to behave suspiciously (for example, those without a developer signature, or those flagged as suspicious on the VirusTotal site).
> - [KextViewr](https://objective-see.com/products/kextviewr.html) can be used to identify any kernel extension (these act essentially like system drivers on Windows or modules on Linux and Android) that may be suspicious in the Mac's operation.
>
> If none of these reveals anything immediately suspicious and you want to carry out a more thorough follow-up analysis, you can use the [Snoopdigg](https://github.com/botherder/snoopdigg) tool. Snoopdigg is a utility that simplifies collecting system information and takes a full snapshot of the system's memory.
>
> An additional tool that can be useful for collecting more in-depth details (but which requires familiarity with the command-line terminal) is [AutoMacTC](https://www.crowdstrike.com/blog/automating-mac-forensic-triage/), from the American cybersecurity company CrowdStrike.
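As an added example (not part of the guide above and not code from Objective-See or CrowdStrike), this Python script shows what step 1 looks like when done by hand: it parses the launchd property lists that KnockKnock reads (`~/Library/LaunchAgents`, `/Library/LaunchAgents`, `/Library/LaunchDaemons`) and lists the reasons a given autostart entry deserves a closer look. The heuristics, path lists and the sample plist are constructed assumptions.

```python
"""Added triage helper for step 1 (programs that start automatically):
parses launchd plists (what KnockKnock reads from ~/Library/LaunchAgents,
/Library/LaunchAgents, /Library/LaunchDaemons) and lists reasons an entry
deserves a closer look. Heuristics and sample plist are assumptions."""
import plistlib
import re

TRUSTED_PREFIXES = ("/System/", "/usr/", "/Applications/", "/Library/Apple/")
TEMP_DIRS = ("/tmp/", "/private/tmp/", "/var/folders/", "/Users/Shared/")
HIDDEN_DIR = re.compile(r"/\.[^/]+(/|$)")  # a path component starting with "."

def program_path(job: dict) -> str:
    """launchd names the binary in Program or ProgramArguments[0]."""
    if job.get("Program"):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else ""

def triage_launchd_job(job: dict) -> list[str]:
    """Return reasons an autostart entry looks suspicious; empty means nothing notable."""
    path = program_path(job)
    if not path:
        return ["no Program or ProgramArguments"]
    reasons = []
    if HIDDEN_DIR.search(path):
        reasons.append(f"binary in hidden directory: {path}")
    if path.startswith(TEMP_DIRS):
        reasons.append(f"binary in temporary or shared location: {path}")
    elif not path.startswith(TRUSTED_PREFIXES + ("/Users/",)):
        reasons.append(f"binary outside usual locations: {path}")
    if job.get("RunAtLoad") and job.get("KeepAlive"):
        reasons.append("RunAtLoad with KeepAlive: relaunched if killed")
    label = job.get("Label", "")
    if label.startswith("com.apple.") and not path.startswith("/System/"):
        reasons.append(f"Apple-style label {label!r} for a non-system binary")
    return reasons

def triage_plist(data: bytes) -> list[str]:
    """Parse a plist (XML or binary) and triage it."""
    return triage_launchd_job(plistlib.loads(data))

# Constructed sample: Apple-looking label, binary in a hidden user directory.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.softwareupdated</string>
  <key>ProgramArguments</key><array><string>/Users/alice/.cache/updater</string></array>
  <key>RunAtLoad</key><true/><key>KeepAlive</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    print("\n".join(triage_plist(SAMPLE_PLIST)))
```

On a real Mac, feed `triage_plist` the bytes of each `.plist` in the three directories named above; an empty result is not a clean bill of health, only a reason to move on to steps 2 and 3.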