Keystroke Logging

Introduction

Keystroke logging is usually considered an illegal surveillance activity. Better known as keylogging, it involves a third party using software or hardware on a computer to monitor the raw data a user types each time a key on the keyboard is pressed. This data is usually stored on the computer or on the keylogging hardware until the third party retrieves it, though advanced software keyloggers often use email, IRC, messaging or proprietary protocols to send the logs. The technology is often used as a surveillance method to obtain messages, passwords and other input, as such data is logged in clear text. Though it was originally created and used by hackers attempting to log sensitive data such as credit card information and server passwords, it has become a common tool for wary parents to spy on their children; the FBI and other government agencies use the same technology (after getting a warrant) on the computers of suspected criminals.

Software Keyloggers
To understand how software keyloggers work, one must have a basic understanding of how Windows operates. Windows takes raw data from the various hardware devices on the system, such as the mouse and the keyboard, and interprets those actions far enough to work out which window of which program the data applies to. For example, suppose a user moves the mouse from the background onto an application. As soon as the mouse moves over the application's window, Windows sends a specific mouse-related message telling that application that the mouse is hovering over it. Another message is sent when the mouse button is pressed down, and yet another when the mouse button is released. The same idea applies to the keyboard. If an application has focus, meaning it is currently selected and active, and keys on the keyboard are pressed, the keys are sent to the application. This happens regardless of what you are typing into -- a text box, a password box -- anything.

The software keylogger takes advantage of the fact that one application can read the messages of another. It reads any message that involves the keyboard and simply writes that data into a file.

There are several major advantages to using a software keylogger. Software keyloggers can access system-related functions to hide themselves from the user. No physical evidence exists, making them harder to find in some cases. Internet connectivity can be used to send logs remotely if physical access is not possible. Disadvantages include the need to code the software correctly so as not to cause system issues; this can become a real challenge when hiding the program from advanced users.

Hardware Keyloggers
The idea behind a hardware keylogger is much simpler. It connects between the keyboard and the computer, logging the electrical signals it receives from the keyboard and forwarding them to the computer. To their credit, hardware keyloggers are perfect for many systems used by advanced users, who rarely check the back of their system. They will never cause system instability, and are small and effective. Hardware keyloggers are harder to find than software keyloggers, as they are not used as often. They require physical access to the computer both to log keystrokes and to access them later. This kind of keylogger costs money, while software keyloggers can often be found freely online.

//A hardware keylogger://

**Image Source:** http://www.keyghost.com/images/kginst2.jpg