Should keystroke loggers be used in enterprise investigations?
Should keystroke loggers be used in an enterprise setting?
This is a very good question, and one that should be considered carefully by all enterprise information security personnel engaged in investigations. Keystroke loggers
can provide a great deal of insight into what a perpetrator may be up to inside an enterprise. Furthermore, if the perpetrator is using corporate assets, and you've got warning banners that clearly spell out that all computer use is subject to monitoring, you've got the groundwork laid for running a keystroke logger. But, hold on! There are two more hoops that you need to jump through before gathering your first keystroke.
I would never run a keystroke logger in an enterprise setting unless I first got a written approval from both an in-house lawyer and human resources personnel. The lawyer can check to make sure that your corporate policies, training and warning banners all limit an employee's presumption of privacy in the enterprise. The HR folks can similarly verify that reasonable suspicion of wrongdoing exists and warrants the use of a keystroke logger. In effect, the lawyer and HR review acts as a series of checks and balances on your actions. Don't view them as an annoying obstacle. Instead, realize that they are there to help you avoid a potential personal lawsuit from the target of your investigation!
More information:Learn how unified threat management (UTM) products can be used against remote control Trojans and keystroke loggers.
Have you used a keystroke logger in your organization, or would you consider doing so? SearchSecurity.com wants to hear from you.
This was first published in January 2008