Hi Raymond and All,

I have used and am quite happy with a product by Amecisco called the Invisible Keystroke Logger. For NT, it runs within the Kernel and is completely invisible. From my experience it meets all of the requirements you have listed.

http://www.amecisco.com/

On a similar vein, you might consider a hardware solution that plugs in-line with the keyboard to capture all keystrokes, including those made before the OS comes on-line. The downside of this is you need to physically install it and then remove it later to recover the keystrokes logged. Plus, it can always be discovered if a suspect were to look at the back of their PC; not likely but always a risk. A crafty person might be able to integrate this into a keyboard to make it completely hidden. All you would need is for a cleaner to "accidentally" spill a coffee on the original keyboard, and presto...

ZeroHype Technologies have a product called Keyghost that fits this bill and also works flawlessly.

http://www.amecisco.com/

Best of luck,

Steve Collins
SANS GCNT
IS Security Analyst
Information Protection Centre
National Research Council of Canada
Ottawa, Ontario

-----Original Message-----
From: Booke, Raymond [mailto:Raymond.Bookeat_private]
Sent: Tuesday, June 26, 2001 7:48 PM
To: forensicsat_private
Subject: keyboard logging questions

Hello All,

I am looking for information on keyboard loggers. I would like to use such a tool for evidence gathering, but the tools I have seen don't meet the specs that would be required.

The tool would have to be:

Completely hidden,
Remotely installable
Not going to trigger virus scanner

It appears that these requirements are a bit hard to come by. Does anyone currently use a keyboard logger for this purpose? If so, how have you fared? Is it capable of doing what I need?

Raymond Booke
MCSE, CCNA, NET+, A+
Global Data Security Group
Perimeter Security Analyst
raymond.bookeat_private
480-643-6960

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 16:25:46 PDT