Re: keyboard logging questions

From: Conor (ccrowleyat_private)
Date: Wed Jun 27 2001 - 23:34:47 PDT

Next message: svetlikat_private: "Re: Where are greater risks?"

Previous message: Dan Jones: "Re: Where are greater risks?"
Maybe in reply to: Booke, Raymond: "keyboard logging questions"
Next in thread: Darren Welch: "Re: keyboard logging questions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

IMHO the problem with software based logging is that virus scanners could be
updated and you could have one seriously ticked off user on your hands.

If you can find one that is not currently scanned for, and the particular
user is not liable to turn it back on, you should disable definition updates
while the logger is running.

Or... if possible, and the particular user is not liable to be poking around
the back of the machine or 'rearranging the furniture', then a hardware
logger is the way to go. http://www.codexdatasystems.com/keykatch.html

..Conor



> ----- Original Message -----
> From: "Booke, Raymond" <Raymond.Bookeat_private>
> To: <forensicsat_private>
> Sent: Tuesday, June 26, 2001 4:48 PM
> Subject: keyboard logging questions
>
>
> > Hello All,
> >
> > I am looking for information on keyboard loggers.  I would like to use
> such
> > a tool for evidence gathering, but the tools I have seen don't meet the
> > specs that would be required.  The tool would have to be:
> >
> > Completely hidden,
> > Remotely installable
> > Not going to trigger virus scanner
> >
> > It appears that these requirements are a bit hard to come by.  Does
anyone
> > currently use a keyboard logger for this purpose?  If so, how have you
> > fared?  Is it capable of doing what I need?
> >
> > Raymond Booke MCSE, CCNA, NET+, A+
> > Global Data Security Group
> > Perimeter Security Analyst
> > raymond.bookeat_private
> > 480-643-6960
> >
> >
> >
> > -----------------------------------------------------------------
> >
> > This list is provided by the SecurityFocus ARIS analyzer service.
> > For more information on this free incident handling, management
> > and tracking system please see:
> >
> > http://aris.securityfocus.com
> >
> >
> >
>

-----------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

Next message: svetlikat_private: "Re: Where are greater risks?"
Previous message: Dan Jones: "Re: Where are greater risks?"
Maybe in reply to: Booke, Raymond: "keyboard logging questions"
Next in thread: Darren Welch: "Re: keyboard logging questions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 16:01:54 PDT