Link to home
Create AccountLog in
Avatar of Member_2_1108982
Member_2_1108982

asked on

Keylogger Advice Wanted

I have a need to install keylogging software on a Windows XP machine. I hate to have to do this, but I've exhausted every other option to remedy the particular situation and unfortunately have to resort to this kind of action.

The problem is, I'm pretty ignorant of what "legitimate" keylogging software is out there and I'm hoping for some unbiased advice. Free and unobtrusive are the important parts for me. For the necessary time frame, I will disable the anti-virus and anti-spyware components on the target system.

Every site that I search for advice and reviews regarding Keylogging software either looks to be a potential scam, or the "review" is really just a list of download locations for trial software, presumably giving the reviewing website a kickback. Plus, due to the nature of keylogging software, I want to make sure I'm downloading or even buying a product that is legitimate (and from a legitimate company), and won't infect the target computer with unsanctioned spyware of it's own. Even searching for keylogging software seems to push me to the darker parts of the internet.

Any advice would be appreciated!

Avatar of younghv
younghv
Flag of United States of America image

decker12,
You probably aren't going to get many responses to this question, because it is close to (if not actually) a violation of EE rules.

There is a whole section in the member agreement on 'hacks/cracks', etc. and the whole keylogging process gets into legal ramifications that are way too complicated for easy discussion.

Not what you wanted to hear, I'm sure, but the proper answer is: "We can't really talk about it here".

Vic
Avatar of Member_2_1108982
Member_2_1108982

ASKER

Thanks for the update. I wasn't sure how much of a gray area it was on EE, and as an IT professional it really tastes terrible for me to even consider installing one, let alone asking for advice on which one is the "best". The use of the software is obviously a very touchy situation in my organization. I'll keep poking around and hopefully will be able to answer the question myself at some point.
SOLUTION
Avatar of IndiGenus
IndiGenus
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
To put it bluntly, I was hoping to extract the login credentials for a secure website that my problem user keeps visiting (and potentially posting sensitive information to). My intent is to log in as the problem user and determine the extent of the damage, if any. We've had issues with this user in the past so this potentially could be the "final straw". Direct questioning has yielded no results, yet the cache files and History show regular access.

I've never had to do anything like this before, so I'm just trying to figure out the most direct route to acquire the credentials. I'd be interested in exploring other options.
decker12,
In my old network security days, I was a big fan of 'iprism' an outstanding tool for monitoring all Internet activity - down to the click level.

You can have real-time monitoring - plus permanent logs of all activity - by user and by site.

Managed to put a couple of bad guys behind bars for some of the crap they were trying to pull.

If your bosses can spring for the money, it is an outstanding long-term investment.

Vic
Thanks Younghv, unfortunately those devices are way out of the budget for the problem. I was balking at the $59.99 price for some of the commercial software products I've already seen listed :)

I don't think the user is acting maliciously, he's just clueless in my opinion, and unfortunately is a family member in the organization. If our suspicions end up being correct, I'm confident that the family will deal with the problem on their level instead of dragging it through HR and legal.
Ahh, 'family'.
Understood.
In the old days, I also always had a big ol' First Sergeant who would handle this kind of thing 'off the books'.

Vic
>""In the old days, I also always had a big ol' First Sergeant who would handle this kind of thing 'off the books'.""<
:LOL:...Hey Vic, remind me to stay on your "good side" OK?

Why not just block the site? Although I would imagine he could log in from another computer off site? Wouldn't help you assess the damage but would at least block their future use on site there...just some other thoughts..
Blocking the site from the router would prevent future damage, but would also unfortunately tip the user off to the investigation. Then I suspect the user would just continue his practices off-site and we'd be back at square one, with no chance for damage control.

I'm not privy to all the details, I've just been given the task to figure out if this particular user is responsible for the information left on that website. While trying to obtain his credentials, I was unsuccessful with a few other methods (such as checking IE and Firefox's saved passwords and saved autocomplete stuff). But if anyone has some other tips or tricks not involving having to install key logging software I'd love to hear them!
ASKER CERTIFIED SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Thanks guys, I have managed to resolve the situation without resorting to installing any kind of monitoring software.