Customer Support Products Company Info Links Helpdesk  
We welcome
MasterCard American Express

Frequently Asked Questions
Press releases
Press releases
Legal Disclaimer
Legal Disclaimer


Join our Affiliate Program - Click for more information








What is a keylogger?

A keylogger is something that records keystrokes made on a computer. It captures every key pressed on the keyboard and stores it down in a file or memorybank that can be viewed by the person performing the monitoring in real-time, or at a later date.


What is a keylogger used for?

A keylogger has many uses. Much like a telephone recording system at a call center, the keylogger silently records all keystrokes typed, including emails, word documents, chatroom activity, IRC, instant messages, web addresses and web searching.

Many companies use keyloggers on their company PCs to supervise employees for internet and PC usage compliance. keyloggers can help keep track of activity and allow a company to act on unauthorised activity before it becomes too late.

Here is some sample text recorded with a KeyGhost keylogger


<PWR><ctrl-alt-del>James<tab>tinna12<ent> <lft><lft><pgu><ent> <ent>I'm uploading the design files to the public web server now, could you get them for me? Its the one we used last time but I changed the password to atlanta69. I hope they don't have a keylogger installed.

<ent><ent>Hi, I calculated the sales figures that are projected for the next year. I have put them up on our web server, under

<PWR><ctrl-alt-del>Administrator<tab>fabelj68<ent> <ent><lft> <ent>Hey, one more thing, <bks>I got hold of some more files for the design team, I put them up on the web server under


Interpreting the raw log of recorded keystrokes

If you carefully read the sample text above, you can get a good idea of the activity of the first user.
You can tell that the user powered on the PC from the <PWR> command, then used Control+Alt+Delete combination to log into the Windows NT based PC as administrator. The Administrator password that is being used becomes clear as 'fabelj68', and you can see the first website visited is and the second is

The second time a user ('James') logged into the machine and entered his email program where he typed an email address '' and sent a mail to him outlining his plans to upload the design files from the company PC to a public web server. He includes the password 'atlanta69' in the email, which is the one used to access the web server.

Reading down the log further, you can see the web address of the web server when it is typed into an email to '' the user then powers off and the next user 'Maco' logs in and visits where he logs in as 'Maco3421' with the password 'sdur54' he then checks his email before visiting the website, a site that offers a password auditing and recovery application 'L0phtCrack'.


Why use a keylogger?

It is much easier to intercept important information before, or as soon as, it enters the computer system. This is because some keystrokes are immediately hidden or encrypted, such as Hotmail passwords, Yahoo passwords and windows login passwords. The strength of PGP (pretty good privacy) encryption is also another reason to catch keystrokes before they are encrypted by the system, because an intercepted email that has been encrypted with PGP can take many thousands of years to decrypt and read if you don't have the private decryption key.


What different types of keylogger exist?

Essentially there are 2 different types of keylogger, each with their own unique benefits. The comparison is below so you can learn to choose which is the most appropriate for your situation.

1) Software keyloggers

Software keyloggers are programs that run in the background of a PC and (in most cases) quietly record every keystroke that is pressed into a file that is stored on the hard drive.
Some software keyloggers have an added feature to email the recorded keystrokes to a pre-specified email box where they can be read. This can cause an increased risk of detection if the user has installed a software firewall such as 'ZoneAlarm' as it will notify the user of the keylogger transmitting file causing the suspicious activity.
Other software keyloggers can also monitor incoming and outgoing internet traffic and perform screen captures, but this tends to slow down even the fastest PC to a level that could be noticed. Screen capture software can also quickly fill the hard drive space and cause system stability problems.

Software keyloggers can be broken down into 2 sub-categories.
a) Visible in the task manager
b) Invisible and stealth keyloggers

Keyloggers that are visible in the Task Manager can be easily disabled under Windows 95,98, NT, 2000 and XP. It is simply a matter of entering the task manager (Press Control+Alt+Delete and then click on Task Manager) then select the offending keylogger in the applications window and click on the 'End Process' button.

Keyloggers that are invisible and stealth can also be detected and disabled. Some still appear in the Task Manager, but as System Processes under the 'Processes' tab. These can be stopped if the user has sufficient access privileges. Another alternative method is to use a freely available spyware scanning program like Spycop or Adaware. These programs can quickly pick up almost all available software monitoring products with the click of a button. They also feature a database update facility that keeps the scanners up-to-date with detecting the latest releases of the popular monitoring products.

One thing to note about ALL software keyloggers is that the captured keystroke information is stored on the PC hard drive where it can be modified, copied off onto disk, or even via an intruder accessing the PC from the internet.

One way to lower the risk of sensitive data being accessed by the wrong people is to use a hardware keylogger.

2) Hardware keyloggers

Using a hardware keylogger to record keystrokes is as simple as plugging it in between the keyboard and PC. This can take anyone with little or no experience under 5 seconds to learn and do.

Once a hardware keylogger is connected, it begins recording every keystroke that passes through it into its own internal memory.

No software is needed to record keystrokes with KeyGhost keylogger.

Keylogger before
Keylogger after

For security reasons, the photo (above right) is only a representation of what the KeyGhost looks like. The actual KeyGhost is injection moulded to look exactly like an EMC Balun.

The KeyGhost is a completely self contained hardware unit that simply plugs into the keyboard line of any PC. One can record and retrieve keystrokes without ever installing any software on the PC.

The most obvious and main benefit of a hardware based keylogger is that it is completely undetectable using software and spyware scanners. This means they are the keylogger of choice for long term and stealth surveillance applications.

Hardware keyloggers are also a safe option to use if the PC to be monitored is connected to the internet as they store the (sometimes highly sensitive) recorded information in their own internal memory chip that can not be accessed remotely or copied to a disk. Physical access to the keylogger device is required to retrieve the stored keystrokes.

Hardware keyloggers can also be separate into 2 categories
a) Unsecured onboard memory
b) Encrypted (secured) onboard memory

Essentially these sub-categories are similar to the software keyloggers.
If a hardware keylogger does not encrypt its memory, then the contents are available to be read by anyone that has access to the device EVEN if they don't have the current access password.
When a hardware keylogger uses a STRONG encryption on its memory, then it becomes virtually impossible for anyone to access the keystrokes that are secured inside the memory chip if they do not know the password that was used to encrypt them.

Hardware keyloggers can also be fitted internally inside a keyboard where they are impossible to detect unless the user physically opens up the keyboard and knows where to look.

A hardware keylogger has its own internal microprocessor which means it operates independently of the operating system and will never slow down or crash the system. Because it stores all the keystroke in its own internal memory, the keystrokes can never be lost even if the target computer crashes, fails or its hard drive is removed and/or destroyed.


How do I compare and choose between many different types of keylogger?

Choosing the right keylogger is not a simple task. You should first decide on the level of security that you will require during the monitoring process.

1. Is the information that will be captured sensitive in any way?
2. Is the computer that you are monitoring connected to the internet?
3. Will multiple users be accessing the computer?
4. Are you interested in both outgoing and incoming information?
5. Do you require screen capture capability? (caution*)
6. Do you need complete stealth during the operation?
7. Is the monitoring target a Power User or relatively inexperienced with PCs?
8. Does the PC have USB ports or a floppy drive attached?
9. Is the PC hidden under a desk or up in plain view?
10. Is the PC moved on a regular bases?
11. Do you have administrator access on the PC? (required to install software)
12. Will this be a long term or short term operation?

* Screen capture functionality will slow down the PC significantly which may alert the user as to how they are being monitored and increase risk of detection. If the hard drive runs out of space the PC will become unstable and begin crashing.

Find out about KeyGhost SX, the hardware keylogger with built-in high speed download capability.

security, computer, keyboard, record, keys Comparison? How do I choose keyloggers work? How can I use What is the best Compare products. undetetable. What is it and how does it work?. Comparisons, choose, choosing.

Note: Hotmail, Yahoo, Spycop, Adaware, ZoneAlarm and L0phtCrack are the trademarks of their respective owners and are being used as examples for informational purposes only without intent to infringe.


We respect your privacy and security. If you have any questions or comments about this site? Contact the Webmaster. Tel: +64 3 379-3883. Fax: +64 3 379-3885. Email: Postal Address: KeyGhost Ltd, P.O.Box 3279, Christchurch 8001, New Zealand. Physical Address: 109 Montreal Street, Christchurch, New Zealand.

Copyright 2000 KeyGhost Ltd. All rights Reserved.