Hi,

We've used both types, hardware and software:

Hardware: Keyghost
http://www.keyghost.com/

This one can be added to the keyboard behind the PC. It captures every keystroke. You can even send one of your keyboards directly to them and they will embed the little spy within the body of your keyboard (a little expensive but stealthy). We've used both versions and it never got detected. The only downside is that you have to retrieve the piece of hardware to empty it of its content.

**************************

Software: Starr Pro Edition
http://www.iopus.com/

This one needs to be installed on the machine (we tested it on NT machines) and we didn't test it on Unix machines. It sends reports on your network or via email. Got a few problems when a user opened a Winterm session: we lost the connection and the info typed during that session.

:-{)

Thanks Mart!

******************************************
Thought of the week: Forgiveness is not always easy, but hatred is so exhausting!

Martin M Samson
Project Manager,

-----Original Message-----
From: Burnette, Michael [mailto:MWB@rh-law.com]
Sent: Monday, April 22, 2002 11:45
To: forensicsat_private
Subject: Keystroke loggers used in forensic examination

Given the importance of documentation in forensic examination, I am curious to know if any of you use keystroke loggers as a documentation tool and what brand if you do. We were lamenting the ways to implement keystroke logging in a DOS environment modified for forensics work and the thought arose to use this hardware-based logger:

http://www.thinkgeek.com/stuff/gadgets/5a05.shtml

It sits between the keyboard and PS/2 port and records 65K keystrokes at a time. I read up on it and it apparently doesn't record some control functions since its memory is accessible via what amounts to playback through a text editor and could trip harmful PC functions if it tried.

It has some obvious benefits although the control key exceptions make it less than desirable for Unix examinations. It would seem an interesting thing to try as long as you aren't using GUI based investigative software. Anyone used it or one like it?

Michael Burnette
Rogers & Hardin LLP
Atlanta, GA USA

This message and any attachments are intended for the use of the addressee(s) only and may be confidential and covered by the attorney/client and other privileges. If the reader is not the intended recipient, DO NOT READ, notify sender and delete this message. In addition, be aware that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited.

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Tue Apr 23 2002 - 20:40:58 PDT