Monitor Computer Activity Without Software!
Product Reviews:
Review by US Army Systems Administrator
This review is posted unaltered or edited with permission from the author.
Review of KeyKatcher Magnum – Hardware Keystroke Logger
First Impressions:
The KeyKatcher Magnum came attractively packaged in a simple flat box. Inside was the device itself, a backup battery (nice of them to include that!), and a rubber sleeve that seems to fit over the unit (I believe this is meant to keep the unit attached better to the PS2 keyboard plug). Also included were a quick setup guide and a card for you to record your secret password.
Installation:
Installation could not possibly be easier. The instructions were well illustrated and easy to follow. They show you how to install the backup battery and then install the unit on the PC. After installing the battery, you simply need to plug the KeyKatcher Magnum into your keyboard (PS2) connection and then plug the keyboard cable into the other end of the KeyKatcher. To get started, simply open up any word processing program (KeyKatcher recommends Microsoft WordPad) and type the default secret password. Like magic, you are presented with the KeyKatcher logo and some simple setup prompts. This allows you to set the local time and date for use with the timestamp features of the Magnum. Also you can change the default password to anything of your choosing.
Detection:
I decided to try a few methods used to detect keystroke loggers to test the invisibility of the Magnum. It was not detected by any Antivirus software or spyware detection programs. I then tried a few rootkit detection programs which look at kernel hooks. However, since keystrokes are captured at the hardware level, none of these could detect KeyKatcher Magnum. I also installed a program called KeyScrambler which claims to protect against keyloggers by encrypting keystrokes at the kernel and then decrypting them in your browser. Again, since the capturing is done at the hardware level, this was not effective in preventing the Magnum from logging keystrokes.
Strengths:
The KeyKatcher Magnum performed well in all tests. It accurately recorded all keystrokes (and I do mean ALL). Also, having the option of seeing keystrokes with timestamps was nice. This is a vital part of a forensic investigation and allows the investigator to accurately tie the keystrokes to a user that was logged in at that time. This would especially be helpful in a corporate environment where a terminal might be shared by multiple users. The search feature was also very useful. With the KeyKatcher recording every single keystroke (including TAB, Shift, etc.), wading through the 4MB of memory (approximately 4 million keystrokes according to the company) could be a real chore without the search feature. You have the ability to search by keyword or do a NETPatrol search that will look for Internet address strings like www or .com. There is also a feature which shows time of use on the machine. This can show if a user was working on a computer during a given time period.
Weaknesses:
The weaknesses of the KeyKatcher Magnum are only those inherent to any hardware-based keylogger. First of all, there is no effective way to permanently attach it to the machine. If the user is aware of its presence, it is an easy matter to remove the unit and then replace it after typing the incriminating keystrokes. Secondly, you must ensure that the password you pick is a strong one. Using a dictionary word would give the chance that the user could type that and accidentally have access to the memory of the unit. A strong password with letters, numbers, and special characters is the rule and not the exception here. Lastly, (and this is not necessarily a weakness of the unit) if you forget the password, you must send the whole unit and $10 back to the company to have it recovered. The way the documentation reads, it sounds as if they actually recover the password from the memory. If this is the case, how long before some enterprising hacker finds a way to do the same?
Real World Test 1:
After running it through the tests on my personal machine, I decided to put it into action in a real-world scenario. We had a user that was suspected of visiting unauthorized websites on his work computer. However, this user was smarter than the “average Joe” and he knew how to delete temporary files, browser history, and overwrite these things using a program like Window Washer. I connected the KeyKatcher Magnum to his machine and then a few days later, retrieved the device and analyzed the information. I was able to find evidence of five different websites which were not authorized. Using the timestamps provided by KeyKatcher Magnum, I correlated the visitation of those sites to times the user was logged into the computer and the case was made. It was a simple matter to move forward with an investigation using that evidence.
Real World Test 2:
Sometimes what you don’t log is just as important as what you do log. In this case, a user was suspected of not being in the office during certain hours which were mandatory. However, she was able to fool her supervisor by using remote access software from home to access her work machine. By using the KeyKatcher’s time of use chart, we were able to show that during those hours, nothing had been typed on the local machine and she must have been working remotely. When confronted with this, the user admitted to wrongdoing.
Summary:
Overall, the Magnum met all expectations for a hardware keylogger and has some nice features we haven’t seen before. The large memory, timestamps, search features, and time of usage logs all make this the best hardware keylogger I have seen to date. The only way I can think to improve the device is to offer it built into a PS2 keyboard. This would serve to make it completely undetectable to the user and make it nearly impossible for the user to notice monitoring taking place.
Reviewed by:
System Administrator
United States Army