
Benchmarking Keyloggers for Gathering Digital Evidence on Personal Computers

Keyloggers are hardware devices or software programs that monitor keyboard and mouse activity on a computer covertly, so that the owner of the computer is not aware that their actions are being monitored. Keyloggers accumulate the recorded keystrokes for later retrieval or transmit them remotely to the person employing them. Keyloggers were designed to serve as spyware and still serve that purpose. However, keyloggers also have the potential to serve as a detective tool for gathering digital evidence (Actual Spy, 2009). Similar to a phone recording mechanism at a call center, a keylogger secretly monitors and records all keystrokes typed in emails, word-processing files, chat rooms, instant messages, web addresses and web searches. Keyloggers have existed for many years, and it is believed that the United States of America (USA) government was the first to develop such programs, in the early 1990s (Symantec, 2005).

Essentially, there are two types of keyloggers (hardware and software), each with its own distinctive features (Wood and Raj, 2010). Software keyloggers have some features that capture user information without depending on keyboard presses as the central input. These include clipboard logging, screen logging and programmatically capturing the text in a control. Hardware keyloggers exist at the hardware level of a computer system and can be difficult to detect using software and spyware scanners. Hardware keyloggers store the monitored information on their own internal memory chip. Software keyloggers, by contrast, store all the monitored keystrokes on the hard drive of the PC on which they are installed. There are several different types of keyloggers available on the market today. Keyloggers make it easy to intercept information before or as soon as it enters the computer system, since some keystrokes, such as email and Windows login passwords, are hidden or encrypted immediately afterwards.

According to Jonathan (2008), choosing the right keylogger to monitor information on PCs without a chance of detection is a complicated task. Companies have to decide on the standard of security that they will need during the recording process. Key questions include: What is the sensitivity of the monitored information? Is the PC monitored when connected to the internet? Will multiple users be using the monitored PC? Is the interest in both outgoing and incoming information? Is a screen capture capability needed? Is complete secrecy needed during the monitoring activity? What is the level of IT proficiency of the targeted PC's user? (Jonathan, 2008).

Cyber crime is any crime that involves a computer and a network, where the computers may or may not have played an important part in the success of the crime (Moore, 2005). Given the high rate of computer crime and the complications in collecting evidence, various information security controls are in place to protect information systems. Various authors state that cyber crime is increasing in both volume and complexity due to the growth in computer technologies, making detection of the offenders very complicated (Bakibinga, 2009).

Computer forensics is currently used to fight computer crime. Computer forensics deals with gathering digital evidence from computers, networks and other digital devices. Forensics is concerned with the capture, evaluation and design of system activities in order to identify a compromised PC in the event of an attack (Ilkyeun and Tae-Kyou, 2009). In order to fight computer crime, it is possible to locate the criminal from within the computer and the available network. This evidence needs to be secured appropriately through forensic enquiry so that the courts of law can use it as evidence of criminal behavior and violation of the law.

Digital evidence can be any data stored or conveyed in digital form that the court may use during a criminal trial. Digital evidence, by its nature, is fragile and can be altered or damaged by inappropriate handling or examination (Ashcroft et al., 2004). For these reasons, special precautions are needed to safeguard this type of evidence. Failure to do so may render it unusable or lead to an inaccurate conclusion. This project's primary objective is to benchmark keyloggers and establish an application that can help in detecting keyloggers, which may be of value in collecting digital evidence on PCs. The project will offer a solution to the difficulty of collecting digital evidence on PCs with keyloggers. With the high price of computer forensic tools, this project will offer...

Keyloggers are at times essential for covert monitoring of personal computers. However, their use has been criticized on privacy grounds and because they can be used to breach the trust of a system. Moreover, keyloggers can be used to gain unauthorized access to a computer, which makes the use of keyloggers in collecting digital evidence hard.
Keyloggers can acquire a lot of information when installed on personal computers, but not all of this information amounts to digital evidence. Despite this opportunity, very few organizations are using keyloggers on their company PCs to monitor employees' compliance with internet and general PC usage policies. Part of the challenge is the legality surrounding the use of keyloggers, since they infringe on the privacy of PC users, and the fact that it is not easy to identify a keylogger that may be used to monitor PC usage. The project therefore seeks to address the problem of the use of keyloggers in gathering digital evidence on personal computers.

1.3 Objectives

1.3.1 General Objective

The general objective of this project is to benchmark keyloggers and establish an application for detecting keyloggers, which attackers may use to collect digital evidence on PCs.

1.3.2 Specific Objectives

i. To identify the main elements of keyloggers which attackers can use in collecting digital evidence

ii. To benchmark the primary elements of keyloggers

iii. To establish a benchmarking method for detecting keyloggers in collecting digital evidence

1.4 Scope

The project will primarily focus on software keyloggers because they have more features than hardware keyloggers. Attackers readily choose software keyloggers from the internet. The application developed will help in collecting digital evidence on PCs.

1.5 Project Justification

This research project, which aims to establish a system for recognizing keyloggers that can assist in collecting digital evidence, will help information security professionals achieve the following:

i. Recognize keyloggers, which have the ability to collect digital evidence on PCs.

ii. Identify what bounds to look at when collecting digital evidence on PCs.

iii. Identify how to handle the digital evidence collected on PCs to uphold its integrity.

Moreover, the project will add to the existing literature on keyloggers and digital evidence. It will also help information security experts in collecting digital evidence on personal computers in cases of cyber crime (Kotadia, 2006). The evidence collected will assist in prosecuting attackers who target personal computers.

2.0 Literature Review

2.1 Background

Keyloggers have existed for many years, and it is believed that the U.S. government first used them to secretly monitor PCs. It is also believed that this use began in the early 90's, though some suggest that the first keylogger appeared earlier and some claim it appeared later. Keyloggers have become one of the most influential applications used to secretly monitor PCs. Developments around the globe have shown how simple it is to obtain all sorts of data with the help of computers. This information is used for a variety of purposes, and criminal activity is significant among them. In a bid to curb this new crime, law enforcement agencies, financial organizations, and investment firms are incorporating computer forensics into their resources. From network security violations to child pornography investigations, the common thread is demonstrating that the specific electronic media contained the incriminating evidence. Supporting examination procedures should be in place to show that the electronic media contains the incriminating evidence (Ashcroft et al., 2004).

Ashcroft et al. (2004) suggest five steps that researchers should follow when conducting a computer forensic examination. The steps are listed below in the order in which they should take place.

Policy and Procedure Development: Computer forensics as a discipline requires specially trained experts, support from administration, and the essential funding to keep the unit working. Departments should implement policies and procedures for the operation of a computer forensic department.

Evidence Assessment: The digital evidence requires a systematic assessment with respect to the case in order to establish the course of action.

Evidence Acquisition: Digital evidence, by its very nature, is fragile and can be altered, damaged, or destroyed by inappropriate handling or examination. For these reasons, exceptional measures are needed to safeguard the evidence. Failure to do so may render it useless or lead to an inaccurate conclusion.

Evidence Examination: General forensic principles apply when examining evidence. Different cases and media may call for different examination techniques. Persons examining digital evidence require special training for this purpose.

Documenting and Reporting: The examiner is accountable for…

References

Actual Spy, (2009). Keyloggers. Retrieved February 20, 2010 from http://www.actualspy.com/articles/keyloggers.html

Adhikary et al. (2012). Battering Keyloggers and Screen Recording Software by fabricating Passwords. I.J. Computer Network and Information Security, 5, 13-21.

Aldrich, J. (1995). Correlations Genuine and Spurious in Pearson and Yule. Statistical Science,
David, B. (2009). Cyber crime in Uganda. Retrieved April 20, 2010 from http://www.dpp.go.ug/pespectives_cyber.php.
Retrieved 20th September, 2013 from http://news.com.com/Keylogger+spying+at+work+on+the+rise,+survey+says/2100-7355_3-6072948.html
Le et al. (2008). Detecting Kernel Level Keyloggers through Dynamic Taint Analysis. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.215.4003&rep=rep1&type=pdf
Retrieved April 20, 2013 from http//www.ehow.com/list_7252161_problems-keyloggers.html.
http://www.virusbtn.com/conference/vb2006/abstracts/Williams.xml