Home > Publications > Technical > Keystoke Logging

Keystoke Logging

Keystroke logging is a method of spyware that has the ability to capture and record a user’s keystrokes without their knowledge and sends the information to a server/database. It can also be used for criminal 
activity, to determine errors in  computer systems, study how users interact and access applications, and measure employee productivity. The growth of keystroke logging over the last couple of  years has increased because of bad user judgment, unsecure computer connections  and the easiness at which a computer can become infected.   While law enforcement personnel use keystroke logging to find evidence for a case; criminals use it to steal information from users by bypassing security measures. The most common types of keystroke logging are software, hardware, and kernel based.  Prevention measures include: not downloading/opening any attachment from an unknown source, keeping your firewall/anti-virus/anti-spyware on and up to date, etc.
  1.   Software based keyloggers is a file that starts a capture and logging feature without the user’s knowledge when downloaded/opened. For example, when a user downloads a file from the internet the downloading process could contain a software based keylogger. E-mail attachments are the most commonly used methods for sending software based keyloggers. Software based keyloggers can capture all keystrokes, even autocomplete passwords.
  2. Hardware based keyloggers are devices placed between the keyboard and the computer. They are small and can often go undetected for long periods of time but they require physical access to the computer. The hardware devices can capture banking, email, username, and passwords, etc.
  3. Kernel based keyloggers are placed at the heart of the computers brain and directly receives data from the input device. This replaces the original software for interpreting keystrokes and can be programmed to be undetectable because the kernel boots up before any user applications start. A disadvantage to this is it fails to capture autocomplete passwords. This is the most dangerous of the three because if the kernel is infected the computer is compromised.
There is no clear-cut solution to prevent keyloggers from infecting a machine. Using security best practices and good judgment will reduce the chances of becoming infected.

1.      Ensure the firewall, anti-virus, anti-spyware is on and updates automatically. This will help deter infection because the computer is current with the latest security updates.

2.      Monitor all programs running on the computer (Task Manager). There may be additional programs running that are unknown.

3.      Don’t download anything from an e-mail, websites, or attachments if the source is unknown. This is the best preventive measure for users.

4.      Get acquainted with the computer’s file system and look for newly created files or old files that were renamed. If a file was created or renamed then there is evidence that a keylogger could be present.

5.       Monitor the user’s computer usage by deciding which websites are acceptable to view and knowing what sites the user is visiting

6.      Don’t store your passwords in a file on the computer; this is the first place most keyloggers will look.


Remember criminals use keystroke logging because it is easier than robbing a store and most people do not secure their passwords/computers. Also, the user has no knowledge of being infected until they scan the computer. Programs are available to remove keyloggers but it can be a difficult and daunting task, it is recommended to inquire with a professional computer repair person. These personnel will apply their expertise/knowledge to solving the keylogging dilemma. Remember to apply the security best practices listed above and if any occur; inquire with a professional computer repair person. Keyloggers are vulnerability program and should not be taken lightly if infected.