RE: keyboard logging questions

From: Obert, Jack E. (JObertat_private)
Date: Thu Jun 28 2001 - 07:21:49 PDT

    I'm using a package called Boss Everywhere (http://boss.dids.com/).  I can
    push this from a floppy, or off of a network via login script, etc.  It
    records date, start time, duration, computer name, user, application, window
    name, keystrokes, URL, and filesystem activity.  It is highly configurable,
    and easily removed...  There are also packages that do screen captures, etc.
    Desktop Detective and Spector are two others that come to mind.  I chose
    Boss Everywhere because of its configuration options and small OS
    footprint.
    
    Be careful with the use of these types of packages.  I, for instance, require
    a director's written request and our VP of Human Relations and our CIO to
    sign for all installs.  I treat this very similar to a wiretap.  I go in
    looking for something specific and ignore all other activity...
    
     
    Jack E. Obert, GSEC 
    Technical Information Security Officer 
    St. John's Health System 
    jobertat_private
     
     
    
    
    -----Original Message-----
    From: Booke, Raymond [mailto:Raymond.Bookeat_private]
    Sent: Tuesday, June 26, 2001 6:48 PM
    To: forensicsat_private
    Subject: keyboard logging questions
    
    
    Hello All,
    
    I am looking for information on keyboard loggers.  I would like to use such
    a tool for evidence gathering, but the tools I have seen don't meet the
    specs that would be required.  The tool would have to be:
    
    Completely hidden,
    Remotely installable
    Not going to trigger virus scanner
    
    It appears that these requirements are a bit hard to come by.  Does anyone
    currently use a keyboard logger for this purpose?  If so, how have you
    fared?  Is it capable of doing what I need?
    
    Raymond Booke MCSE, CCNA, NET+, A+
    Global Data Security Group
    Perimeter Security Analyst
    raymond.bookeat_private
    480-643-6960
    
    
    
    -----------------------------------------------------------------
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    
    



    This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 16:43:14 PDT