Q

Should keystroke loggers be used in enterprise investigations?

Keystroke loggers can provide a great deal of insight into what a perpetrator may be up to inside an enterprise. But not so fast. Ed Skoudis reveals what needs to be done before gathering your first keystroke.

Should keystroke loggers be used in an enterprise setting?
This is a very good question, and one that should be considered carefully by all enterprise information security personnel engaged in investigations. Keystroke loggers can provide a great deal of insight into what a perpetrator may be up to inside an enterprise. Furthermore, if the perpetrator is using corporate assets, and you've got warning banners that clearly spell out that all computer use is subject to monitoring, you've got the groundwork laid for running a keystroke logger. But, hold on! There are two more hoops that you need to jump through before gathering your first keystroke.

I would never run a keystroke logger in an enterprise setting unless I first got a written approval from both an in-house lawyer and human resources personnel. The lawyer can check to make sure that your corporate policies, training and warning banners all limit an employee's presumption of privacy in the enterprise. The HR folks can similarly verify that reasonable suspicion of wrongdoing exists and warrants the use of a keystroke logger. In effect, the lawyer and HR review acts as a series of checks and balances on your actions. Don't view them as an annoying obstacle. Instead, realize that they are there to help you avoid a potential personal lawsuit from the target of your investigation!

More information:

  • Learn how unified threat management (UTM) products can be used against remote control Trojans and keystroke loggers.
  • Have you used a keystroke logger in your organization, or would you consider doing so? SearchSecurity.com wants to hear from you.
This was first published in January 2008.
