he software will be Windows based (compatible with Windows 7, 8 and XP) deployed as an agent and installed remotely (for instance using a mechanism such as PSEXEC) with local admin or domain admin privileges. Once deployed, the software must be capable of launching itself (locally) at startup. The software should be capable of capturing key strokes, timestamping them and associating them with the application into which the keystrokes were typed. The software should also be capable of creating screenshots at user specified intervals. Log files and graphics should be stored in an encrypted file (location specified by user and with a robust encryption mechanism) and 'call back' to a user specified server when able to in order to transmit the log files. The log files should not grow excessively large and therefore compression may be useful. I recommend that the agent is to be configured prior to deployment with the IP of the 'call back' server, the location to store the encrypted files, the screenshot interval (etc). The software should not impact on system performance in a noticeable manner and should be hidden from Task Manager. The server software must be capable of supporting a large number of agents calling back to transmit log files. The log files should be transmitted in an encrypted tunnel.
It should be noted that this software will be deployed only by users already authorised to authenticate with the machine with Administrator privileges. It is not to be designed to usurp the operating system or to be used by a hacker. A person without admin privileges (i.e. an unathorised user) would not be able to deploy the software it is therefore unsuitable and not designed for hackers. The software would be used in conjunction with a corporate Acceptable Use Policy that permits monitoring of corporate use where unathorised use of a system is suspected and required reviewing. Multiple similar legitimate software already exists such as Spector Investigator CNE and is deployed in corporate environments commonly.