The Inquirer-Home

Never again lose your typed work with Keykatcher

Review Records every keystroke at the wire
Thu Jan 27 2005, 13:12

Product: Keykatcher
Company: Allen Concepts, Inc.
Price: $69 to $99 (depending on flash memory size)
Web: Keykatcher

HOW MANY times have you lost a work in progress document before you had the chance to save your work - or send it in the case it was an e-mail? Over the last 10 years, I have lost count of the times I cursed the machine and had to start over. And due to Murphy's Law, it's always the most important work that is lost. E-mail applications and operating systems never crash when you're composing "yeah, right" or "me too" kind of e-mail messages. Keykatcher is a key logger, but with a difference: it's totally software independent, no drivers to install, no operating system lock-in. You can be running MS-DOS, Solaris x86, Linux, OS/2, BeOS, it doesn't make any difference as it records keystrokes at the physical, electrical level.

The Keykatcher device comes in a small "PS/2 male to PS/2 female" (mini-din) package the size of a small pen cap, and takes power from the same keyboard bus, so no power supply is involved. It is available in 32k, 64k, and 128k configurations. Since it plugs directly into the computer keyboard connector, every keystroke passing though the wire is captured and saved instantly in the device's internal flash memory, able to survive system shutdowns and power cuts. Of course, the main application is "user activity monitoring", and the product manufacturer, Allen Concepts, advertises it as such. The package even includes a small piece of heat shrinkable plastic tube -the type often used for electrical insulation- to attach the Keykatcher device permanently to the keyboard's male PS/2 plug so that it not easily unplugged, stolen or removed. In fact, most users probably wouldn't find the device is there if you suddenly place one on your employee's systems. Think about it, how often do you ask to look at the back of a PC before using it?. Now, those of you who are of the privacy/paranoid kind, better start looking.

alt='keykatcher-1'
The Keykatcher device

But let's focus on the "do not lose the data you type due to software crashes" angle, which I think is the most useful aspect... "if there is no software or drivers to be installed, how do you access the saved data?", I hear you all asking. It's both simple and brilliant: you load any text editor on the computer, and type the device's password, originally set as "keykatcher" a "menu" appears on screen (it's actually the Keykatcher device sending keystrokes to the PC to draw the "menu" on the text edit window). At that point, the device is in "menu mode", letting you change the device's password, start/stop recording mode, erase the device's flash memory contents, show EVERY keystroke recorded -it dumps the complete contents of the device's flash memory to the PC for perusal- or, if you're lazy, there's a menu option dubbed "Netpatrol" that automatically looks for internet addresses saved in the device (anything starting with www. or ending with .com / .net). Oddly enough, the company doesn't seem to think that ".org" is a search string worth including in this option. But don't worry, the device also includes a "Search for a string" option so you can manually search for ".org", ".co.uk" or any other string you might want to find.

alt='keykatcher-2'
The Keykatcher unit plugged into the keyboard connector at the back of a PC

One of the many advantages of using the Keykatcher vs. a software-based keylogger:

  • Records everything passing through the wire, no chance of having a user disabling it without knowing the password or physically removing it.
  • Booting DOS, linux command line and still want to have keylogging functionality?. Only a hardware solution can do it.
  • Your PDA died and you lost your saved BIOS access password?, take the keykatcher to another system and look at the device's memory. Chances are if you've typed it recently, it's still there.
  • Software key loggers can crash
  • A hardware key logger is not affected by hard disk crashes
Of course, there are some advantages and disadvantages of software based keyloggers:
  • Log size not limited to 128k, only to available disk space
  • Many software key loggers also record the name of the application used when typing something, so you get some context in the logs to see on which application the user was typing that
  • In the case of a OS crash, there's a chance of losing data typed in the last seconds before the crash, due to disk caching algorithms and "delayed writes".
  • Checkdisk can corrupt or erase your log files, specially if being written at the time of the crash
The Test Begins
The device worked flawlessly from minute one both with Windows and OS/2 (yes I keep one system running Big Blue's OS for historical and sentimental reasons), proving the Keykatcher's software-independent design. I tested the 64k version and it was a pleasure to use a "100% hardware" solution with such a clever design that it doesn't even need a piece of software to access the recorded contents. The Netpatrol feature that searches the data log for web addresses is useful, but I wish it also looked for ".org". Most of the time it shows web addresses anyway (even .org) because it also looks for "www" so most of the type if you type "www.something.org" it gets displayed by Netpatrol anyway. However, on my tests I typed for instance "clanbush.org" and Netpatrol didn't display that string, because it didn't start with "www" or end with ".com or .net", but is was surely saved into the device, along with the rest of my typing. However, keep in mind that Keykatcher records EVERYTHING (even back spaces shown as <BS>), so it's a matter of loading your favorite text editor and selecting "view memory contents" on the Keykatcher menu to dump the bulk key log and search visually or using your editor's text search feature.

alt='keykatcher-3'
The Keykatcher plugged into my Linksys Keyboard-Mouse-Video switch

Some words of advice, the Keykatcher won't work if it sits after a Linksys "KVM switch" like these, because those devices also intercept and monitor the keystrokes passing through the wire and somehow conflicts with the keykatcher detecting the password to enter the "menu mode". The company confirmed they're aware of this, and the solution is simple, place it BEFORE the device, that is, plug the Keykatcher in the "keyboard input" port of the KVM switch, not into the PC's keyboard connector.

I had to invoke some external assistance, and what better than the devil to turn the power off and press the reset button randomly while I was typing text on my favorite email program, browsing the web and working with my favorite office suite -StarOffice 7 in case you're wondering-. No, before you worry about my mental health, it was the FreeBSD daemon, which as you know is not a demon , even while it certainly looks like one.

alt='keykatcher-4'
The devil wags its tail, pressing the reset button while data was being typed

In all cases I was able to recover everything that was typed up to the last second before the reboot, by simply loading a text editor (I used notepad), entering the Keykatcher's password and selecting the option "show memory contents" from the menu.

alt='keykatcher-5'
The Keykatcher menu and a dump of the logged keystrokes

The Verdict

The only drawback I could find is that the device is a bit expensive, but no other product can offer the level of peace of mind as having Keykatcher installed in your PC. If you value your time and your work, it's worth spending the money on it. I only wish the company also offered a "bare circuit board" version with cables which could be soldered internally into desktop keyboards, and the technology licenced to notebook manufacturers so keykatcher functionality could be available on portables as an optional add-on directly from manufacturers. An USB version would also be a killer, but the company confirmed that it doesn't plan producing an USB version of the Keykatcher.

I give the Keykatcher five Fernandos in my personal one-to-five rating scale. Recommended! µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?