Problem solve Get help with specific problems with your technologies, process and projects.

Should keystroke loggers be used in enterprise investigations?

Keystroke loggers can provide a great deal of insight into what a perpetrator may be up to inside an enterprise. But not so fast. Ed Skoudis reveals what needs to be done before gathering your first keystroke.

Should keystroke loggers be used in an enterprise setting?
This is a very good question, and one that should be considered carefully by all enterprise information security personnel engaged in investigations. Keystroke loggers can provide a great deal of insight into what a perpetrator may be up to inside an enterprise. Furthermore, if the perpetrator is using corporate assets, and you've got warning banners that clearly spell out that all computer use is subject to monitoring, you've got the groundwork laid for running a keystroke logger. But, hold on! There are two more hoops that you need to jump through before gathering your first keystroke.

I would never run a keystroke logger in an enterprise setting unless I first got a written approval from both an...

in-house lawyer and human resources personnel. The lawyer can check to make sure that your corporate policies, training and warning banners all limit an employee's presumption of privacy in the enterprise. The HR folks can similarly verify that reasonable suspicion of wrongdoing exists and warrants the use of a keystroke logger. In effect, the lawyer and HR review acts as a series of checks and balances on your actions. Don't view them as an annoying obstacle. Instead, realize that they are there to help you avoid a potential personal lawsuit from the target of your investigation!

More information:

  • Learn how unified threat management (UTM) products can be used against remote control Trojans and keystroke loggers.
  • Have you used a keystroke logger in your organization, or would you consider doing so? SearchSecurity.com wants to hear from you.
  • This was last published in January 2008

    Dig Deeper on Security Awareness Training and Internal Threats-Information

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.