What is a keylogger?
A keylogger is something that records keystrokes made on a computer. It captures every key pressed on the keyboard and stores it down in a file or memorybank that can be viewed by the person performing the monitoring in real-time, or at a later date.
What is a keylogger used for?
A keylogger has many uses. Much like a telephone recording system at a call center, the keylogger silently records all keystrokes typed, including emails, word documents, chatroom activity, IRC, instant messages, web addresses and web searching.
Many companies use keyloggers on their company PCs to supervise employees for internet and PC usage compliance. keyloggers can help keep track of activity and allow a company to act on unauthorised activity before it becomes too late.
Here is some sample text recorded with a KeyGhost keylogger
Interpreting the raw log of recorded keystrokes
If you carefully
read the sample text above, you can get a good idea of the activity of
the first user.
The second time a user ('James') logged into the machine and entered his email program where he typed an email address 'email@example.com' and sent a mail to him outlining his plans to upload the design files from the company PC to a public web server. He includes the password 'atlanta69' in the email, which is the one used to access the web server.
Reading down the log further, you can see the web address of the web server when it is typed into an email to 'firstname.lastname@example.org' the user then powers off and the next user 'Maco' logs in and visits hotmail.com where he logs in as 'Maco3421' with the password 'sdur54' he then checks his email before visiting the website www.l0pht.com, a site that offers a password auditing and recovery application 'L0phtCrack'.
Why use a keylogger?
It is much easier to intercept important information before, or as soon as, it enters the computer system. This is because some keystrokes are immediately hidden or encrypted, such as Hotmail passwords, Yahoo passwords and windows login passwords. The strength of PGP (pretty good privacy) encryption is also another reason to catch keystrokes before they are encrypted by the system, because an intercepted email that has been encrypted with PGP can take many thousands of years to decrypt and read if you don't have the private decryption key.
What different types of keylogger exist?
Essentially there are 2 different types of keylogger, each with their own unique benefits. The comparison is below so you can learn to choose which is the most appropriate for your situation.
1) Software keyloggers
For security reasons, the photo (above right) is only a representation of what the KeyGhost looks like. The actual KeyGhost is injection moulded to look exactly like an EMC Balun.
The KeyGhost is a completely self contained hardware unit that simply plugs into the keyboard line of any PC. One can record and retrieve keystrokes without ever installing any software on the PC.
The most obvious and main benefit of a hardware based keylogger is that it is completely undetectable using software and spyware scanners. This means they are the keylogger of choice for long term and stealth surveillance applications.
Hardware keyloggers are also a safe option to use if the PC to be monitored is connected to the internet as they store the (sometimes highly sensitive) recorded information in their own internal memory chip that can not be accessed remotely or copied to a disk. Physical access to the keylogger device is required to retrieve the stored keystrokes.
can also be separate into 2 categories
a) Unsecured onboard memory
b) Encrypted (secured) onboard memory
sub-categories are similar to the software keyloggers.
If a hardware keylogger does not encrypt its memory, then the contents are available to be read by anyone that has access to the device EVEN if they don't have the current access password.
When a hardware keylogger uses a STRONG encryption on its memory, then it becomes virtually impossible for anyone to access the keystrokes that are secured inside the memory chip if they do not know the password that was used to encrypt them.
Hardware keyloggers can also be fitted internally inside a keyboard where they are impossible to detect unless the user physically opens up the keyboard and knows where to look.
A hardware keylogger has its own internal microprocessor which means it operates independently of the operating system and will never slow down or crash the system. Because it stores all the keystroke in its own internal memory, the keystrokes can never be lost even if the target computer crashes, fails or its hard drive is removed and/or destroyed.
Choosing the right keylogger is not a simple task. You should first decide on the level of security that you will require during the monitoring process.
1. Is the information
that will be captured sensitive in any way?
2. Is the computer that you are monitoring connected to the internet?
3. Will multiple users be accessing the computer?
4. Are you interested in both outgoing and incoming information?
5. Do you require screen capture capability? (caution*)
6. Do you need complete stealth during the operation?
7. Is the monitoring target a Power User or relatively inexperienced with PCs?
8. Does the PC have USB ports or a floppy drive attached?
9. Is the PC hidden under a desk or up in plain view?
10. Is the PC moved on a regular bases?
11. Do you have administrator access on the PC? (required to install software)
12. Will this be a long term or short term operation?
* Screen capture functionality will slow down the PC significantly which may alert the user as to how they are being monitored and increase risk of detection. If the hard drive runs out of space the PC will become unstable and begin crashing.
Find out about
KeyGhost SX, the hardware keylogger
with built-in high speed download capability.
Read more >>
security, computer, keyboard, record, keys Comparison? How do I choose keyloggers work? How can I use What is the best Compare products. undetetable. What is it and how does it work?. Comparisons, choose, choosing.
Note: Hotmail, Yahoo, Spycop, Adaware, ZoneAlarm and L0phtCrack are the trademarks of their respective owners and are being used as examples for informational purposes only without intent to infringe.
We respect your privacy and security. If you have any questions or comments about this site? Contact the Webmaster. Tel: +64 3 379-3883. Fax: +64 3 379-3885. Email: HelpDesk@keyghost.com. Postal Address: KeyGhost Ltd, P.O.Box 3279, Christchurch 8001, New Zealand. Physical Address: 109 Montreal Street, Christchurch, New Zealand.
© Copyright 2000 KeyGhost Ltd. All rights Reserved.