HARDWARE REVIEW

KEYKatcher Magnum

RATINGS Quality Geekness

In today's security environment, many times it is vitally important to know who is doing what on your computers. Solutions range from keyboard/keystroke loggers to full session recorders bundled with much larger applications. The Allen Concepts KEYKatcher Magnum is a hardware-based keystroke logger that plugs into the PS/2 keyboard port of a computer.

The KEYKatcher Magnum is the top end of a series of products that are primarily distinguished by the size of the storage buffer. The Magnum not only brings the maximum storage amount to 4 MB (which, according to the included literature, is enough to handle four million keystrokes), but it also gives some additional functionality for analysis of the captured data. These additions make the Magnum better suited for corporate environments. It also needs no software or driver for installation; a computer will not even recognize that the Magnum is plugged in, as it acts as a pass-through for the keyboard. This pass-through method allows the Magnum to capture all keystrokes regardless of the application that is being used. Though the Magnum does not work with USB keyboards, Allen Concepts offers a different product line, the KEYPhantoms, for that purpose.

Obviously, the Magnum is only effective if it stays connected; there is a plastic sheath that can deter the removal of the Magnum from the keyboard's connector, but there is no way that I am aware of to permanently attach the Magnum to the PC's PS/2 port. This means that in some respects you are operating on a trust-based relationship, assuming that the end-user will not remove the Magnum from the keyboard connection, use an alternate keyboard to type in something, and/or reattach the Magnum. There will be a gap in the logging, but it would only be identified by a period of time where there is no keyboard input, which could happen in a normal situation when a user is only Websurfing, say.

The first assumption one would make about managing the KEYKatcher Magnum is that you would be able view the data stored on it as you would a USB key or other removable storage medium. This is not the case, however; the battery powered Magnum is accessed via the text editor of your choice, requiring the user to type the password in a document. The Magnum will recognize the password, and your text editor will begin functioning like the green-screen terminals of old. Simple menus will guide you through setting up the device (after installing the battery, it must have the date and time set), changing the password, and getting the information you need.

One note about the password change: it is very important not to forget the password. Retrieval of the lost password requires you to send the Magnum back to Allen Concepts and a $10 fee. Also, the password needs to be an uncommon combination of letters and/or numbers. If it is a common term, the user on the machine may be able to bring up the management console without knowing what he or she had done. Strong passwords are the rule here, not the exception.

Once the management console is opened, any recorded keystrokes can be viewed with or without timestamps. The timestamping functions of the Magnum are important for true forensic investigations, showing exactly when things were typed. The console also offers the use of what is called NETPatrol search. This option will search through the accumulated keystrokes for Internet address strings like www. and .com. There is also a keyword search so you can look for any characters, words, or phrases you like.

These search options are important because the KEYKatcher Magnum does indeed capture nearly every keystroke, including control characters, backspaces, and tabs. Wading through a lot of this kind of data could certainly be a chore, and search options are definitely a plus. Obviously, all of the information that the Magnum pumps back at the user through the management console are automatically in a document in the chosen text editor, so the file can be reviewed via other methods. The Magnum can be removed and taken to another computer to do analysis as well, since the data resides in the flash memory of the device.

Implementing a KEYKatcher Magnum on a single computer is a very simple exercise. Implementing this style of keystroke logging even in a small office presents different challenges, both legally and administratively. An organization should clearly state its policies on proper/improper use of computing resources and develop a consistent method for reviewing the data collected and enforcing the rules: this device is no cure-all in that respect.

Ratings Defense
I give the Allen Concepts KEYKatcher Magnum 4 Geekheads out of 5 for Quality. It is a very simple and easy to use product that does exactly what it says it will do. The capacity and user interface make it an ideal solution for small implementations.

The KeyKatcher Magnum gets 3.5 Geekheads for Geekness. There was a weird retro thrill to seeing the information bouncing back to the screen in the manner of a dumb terminal. I admit to feeling a vague sense of "Big Brother" when reviewing this product, but I also recognize the importance of having this type of technology available for forensic purposes. I did have to take some Geekheads away, though, due to the problems a hardware-based keystroke logger presents to anyone who's going to use one; namely that they are detectable and can be easily fooled. I also didn't like the fact that the computer user might accidentally open the Management Console if the Magnum's owner had set too simple of a password. Last, the $10 fee and necessity of sending back the Magnum if the password was lost was a bit of a bummer (though I understood why it was necessary).

If you are looking for a hardware-based keystroke logger, the Magnum is worth a strong look.

Search