[Dshield] Re: good keystroke logger

John Groseclose iain at caradoc.org
Wed Jan 14 17:39:16 GMT 2004

Johannes B. Ullrich writes: 

> I have a dilemma and I need some direction from the talented members of
> the DShield security organization.  We have a fairly senior manager that
> is being suspected of doing things not within the scope of the job, so
> to speak.  The bosses have asked me to install a keystroke logger onto
> this person's system, which I don't have an issue doing.  I don't know
> what to install on it that won't be detected easily by antivirus.  This
> person is fairly savvy when it comes to their system so it has to be
> very stealthy.  I will also use Ethereal to trap packets for further
> detail but this keystroke logger is a bit new to me.  Any suggestions?

If this is for a desktop machine, it would be easier to install a hardware 
keystroke logger - it sits between the keyboard cable and the keyboard port, 
and captures everything that goes through it. The ones that I have seen look 
just like a PS/2-to-DIN5 adapter. You simply plug it in, then go retrieve it 
later. A particular keystroke sequence causes it to dump its storage back 

This won't work for most laptops.

