Actual Keylogger Captures Data For Forensic Evaluation

Spyware has fast become a hotbed of controversy, yet there are times when spyware can be a useful tool.

For instance, solution providers and systems administrators have found that the ability to re-create a user’s session can prove vital when it comes to troubleshooting and forensic investigation. That process is accomplished by using key-logging and screen-capture utilities, which is essentially the basis for what has become known as spyware.

Actual Keylogger Software positions its premier keylogger product, Actual Keylogger 2.52, as a forensic tool. The software captures all activity performed on a PC, including keystrokes, screen activity and print jobs. Solution providers can think of this product as a surveillance camera for monitoring PC use.

While the very nature of this product seems nefarious at best, the simple fact is that companies today can be held liable for their employees’ activity. That liability is magnified by legislative requirements, such as the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act (HIPAA), both of which force businesses to be more proactive about how their information technology systems and intellectual property are used.

With Actual Keylogger, solution providers can re-create a user session to either validate or troubleshoot a problem. What’s more, the software could be useful for educational and training markets, where an instructor may want to review how a student accomplished a specific task.

Solution providers will find the software painless to install and easy to use. Installers have the option of configuring the application in a stealth mode, keeping it hidden from end users. That capability could prove very useful when it comes to monitoring company usage policies and building history for any legal actions. While the intent has the ring of “big brother” scenarios about it, network administrators are finding themselves more and more responsible for protecting end users from themselves, and the Actual Keylogger software makes that task a little easier.

The product works by capturing all information into a local encrypted log file. The solution provider can set up a schedule to deliver the log report via FTP or to a storage device on the LAN. Screen captures can be set to occur at pre-defined intervals. In other words, an administrator schedules how often a screen should be captured. While that functionality means that not every screen is captured, an interval can be set up to make sure critical ones are recorded. Actual Keylogger also logs which applications are launched or exited, printer activity, Web sites visited, changes to the system clipboard, Internet connections initiated and any disk changes.

Solution providers and IT staff will find reviewing the captured data quite easy. The program’s management interface allows an administrator to view information in a log, and data can be broken down by type. For example, an administrator can narrow the view down to just clipboard activity or screenshots or keystrokes or whatever combination is needed for a report. All activity can be exported to either an HTML or TXT format. Reports can be automatically created and sent via e-mail to a designated manager. The reporting process can be triggered either by a time interval or by how large the local log has grown.

Actual Keylogger does a pretty good job of hiding itself from the end user. Most antivirus programs seem to be unable to detect the program’s presence. If there is a problem with an antivirus or antispyware application detecting Actual Keylogger, the solution provider should be able to add Actual Keylogger to a security scanner’s exclusion list. After all, when this program is used for legitimate purposes, an administrator should be involved in every step along the way.

If Actual Keylogger is no longer needed on the system, the solution provider can remove it via the Add/Remove Programs option in Windows. If the application is installed in the hidden mode and needs to be removed, the company offers instructions for a manual removal process.

The company does not offer much in the form of a channel program. Solution providers will garner most of their profit from installation and analysis services. Actual Keylogger could easily be turned into a managed service, where a solution provider retrieves the logs and performs the analysis on the captured data for a customer.

Solution providers selling the product also should take additional care to verify how Actual Keylogger is to be used. For instance, a solution provider should be leery of deploying the product to sites that offer public access to PCs, such as Internet cafes or hotels or other such locations. What’s more, because of the ability of the program to intercept personal information, an integrator should make sure that a site’s company policy informs employees that their computer activity can be monitored and information intercepted. By following those simple guidelines, solution providers will help to insulate themselves from any of the legal ramifications associated with an information interception product.

All technical support and queries are offered via e-mail only. Solution providers looking to partner with Actual Keylogger have access to a partner tab on its Web site. While it would be a stretch to say Actual Keylogger is channel-friendly, the technology does offer an avenue to profit and meets a core surveillance need.