Solved

Keylog detector.

Posted on 2011-09-29
Last Modified: 2012-05-12
I'm doing the usual Google search for programs. Does anyone have experience with a program that they would recommend?

We have acquired a client that has a disgruntled admin that has left, just doing due diligence as best we can.
Question by:LanMan6401
3 Comments
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 36893196
Keyloggers by design are stealthy. Check cables for any additional items. Check the keyboard(s) to see if they have been tampered with. You want to do a full forensic trace? I hope this customer has a lot of money to support this peace of mind.

Other than changing all admin passwords NOW if not done already ... remove that user's account or disable it (remove it) and run Sysinternals RootkitRevealer and Malwarebytes on every server.

Malwarebytes will only find known keyloggers ... if this admin is smart he compiled his own ... check the autostarts on each server (Sysinternals Autoruns) and disable any suspicious items. If you find anything, notify the authorities.
0
 
LVL 62

Expert Comment

by:btan
ID: 36900990
Can check out Rootkit Razor, which primarily surfaces stealthy trojans and backdoors that allow callback to remote control the infected machine.
http://www.tizersecure.com/tizer_rootkit_remover_features.php

We are looking at a potential insider threat where remnants of doing can bring big impact. If the staff had privileges to server and critical application admin, suggest revoking all associated rights and credentials. Detect anomalies in network security logs like brute-force logins or admin machines slowing down, making silent listening ports, etc.

Importantly, have mobile storage used by staff or within the critical server checked and, if possible, formatted to be on the safe side. Better safe than sorry.
0
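The autostart review from the accepted answer and the listening-port check from the comment above can be combined into one triage pass per server. This is an added example, not code posted by anyone in the thread. It assumes PowerShell 3.0 or later on Windows 8 / Server 2012 or newer and an elevated session. It covers only Run keys, Startup folders, auto-start services and TCP listeners, a subset of what Sysinternals Autoruns inspects. The function names are hypothetical.

```powershell
# Added example: list autostart entries and TCP listeners whose binary
# is missing or does not carry a valid Authenticode signature.

function Get-ImagePath([string]$Command) {
    # Extract the executable from a launch string such as
    #   "C:\Program Files\App\app.exe" /quiet
    #   %windir%\system32\svchost.exe -k netsvcs
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|bat|cmd|ps1|vbs))(\s|$)') { return $Matches[1] }
    return $null
}

function Get-SignatureStatus([string]$Path) {
    # 'NoPath' means the image could not be resolved; review those by hand.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'NoPath' }
    return (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}

# Run keys and Startup folders, plus services set to start automatically.
$autostarts = @(
    Get-CimInstance Win32_StartupCommand |
        Select-Object @{n='Source';e={$_.Location}}, Name, @{n='Launch';e={$_.Command}}
    Get-CimInstance Win32_Service -Filter "StartMode='Auto'" |
        Select-Object @{n='Source';e={'Service'}}, Name, @{n='Launch';e={$_.PathName}}
) | ForEach-Object {
    $image = Get-ImagePath $_.Launch
    [pscustomobject]@{
        Source = $_.Source; Name = $_.Name; Image = $image
        Signature = Get-SignatureStatus $image
    }
}

# Every listening TCP port, mapped to the process that owns it.
$listeners = Get-NetTCPConnection -State Listen | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Local = "$($_.LocalAddress):$($_.LocalPort)"; ProcessId = $_.OwningProcess
        Process = $proc.ProcessName; Image = $proc.Path
        Signature = Get-SignatureStatus $proc.Path
    }
}

# Anything not 'Valid' is a candidate for manual review, not a verdict.
$autostarts | Where-Object Signature -ne 'Valid' | Sort-Object Source, Name | Format-Table -AutoSize
$listeners  | Where-Object Signature -ne 'Valid' | Sort-Object Local | Format-Table -AutoSize
```

A valid signature does not make a binary benign, and a self-compiled tool will normally show up as `NotSigned`, so compare the flagged rows against what each server is expected to run.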
 
LVL 1

Author Closing Comment

by:LanMan6401
ID: 36926613
Thanks!
0

Question has a verified solution.
