I'm using a package called Boss Everywhere (http://boss.dids.com/). I can push this from a floppy, or off of a network via login script, etc. It records date, start time, duration, computer name, user, application, window name, keystrokes, URL, and filesystem activity. It is highly configurable, and easily removed... There are also packages that do screen captures, etc. Desktop Detective and Spector are two others that come to mind. I chose Boss Everywhere because of it's configuration options and small OS footprint. Be careful with the use of these types of packages. I for instance, require a director's written request and our VP of Human Relations and our CIO to sign for all installs. I treat this very similar to a wiretap. I go in looking for something specific and ignore all other activity... Jack E. Obert, GSEC Technical Information Security Officer St. John's Health System jobertat_private -----Original Message----- From: Booke, Raymond [mailto:Raymond.Bookeat_private] Sent: Tuesday, June 26, 2001 6:48 PM To: forensicsat_private Subject: keyboard logging questions Hello All, I am looking for information on keyboard loggers. I would like to use such a tool for evidence gathering, but the tools I have seen don't meet the specs that would be required. The tool would have to be: Completely hidden, Remotely installable Not going to trigger virus scanner It appears that these requirements are a bit hard to come by. Does anyone currently use a keyboard logger for this purpose? If so, how have you fared? Is it capable of doing what I need? Raymond Booke MCSE, CCNA, NET+, A+ Global Data Security Group Perimeter Security Analyst raymond.bookeat_private 480-643-6960 ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 16:43:14 PDT