How to Spy on Computer Use

As a security administrator, auditor or “ethical hacker,” there are times when you will be tasked to monitor a person’s computer usage, including Internet sites visited, files created and/or modified and computer accounts created and/or modified. As a head-of-household, you face many of the same challenges, especially as a parent. Built-in, free and commercial computer usage analysis products are readily available to provide you with the means to accomplish computer usage monitoring and auditing.

Instructions

    Tools and Methods

  1. 1

    Keyghost

    Keyghost

    Install a hardware keylogger, such as Keyghost, on the target computer between the keyboard cord’s connector and the keyboard port on the back of the target computer. Later, play back the target’s keystrokes on the source computer to determine computer usage, passwords and other vital information regarding the target computer.

  2. 2

    Install a software keylogger on the target computer. Configure it so that the target’s keystrokes are sent to a destination of your choosing (to your remote source/monitoring computer, for example).

  3. 3

    Install NetNanny on the target home system. Use NetNanny’s reporting feature to monitor Internet usage.

  4. 4

    Firewall outgoing log

    Firewall outgoing log

    Login to your firewall/router as the administrator and enable outbound logging. View and collect the IP addresses of the sites visited by each computer on your internal network.

  5. 5

    Install an instant messaging log viewer, such as the free SkypeLogView, on the target computer. Run the IM log-viewing program on the target computer to read transcripts of any chat logs that have not been deleted from the computer.

  6. 6

    Acronis True Image

    Acronis True Image

    Purchase an external hard drive with at least as much space as the target system. Next, purchase and run a hard drive duplication program, such as Acronis True Image or Norton Ghost, on the target system. Use the software to make an exact copy of the entire hard drive contents. Uninstall the duplication software from the target computer. Review and analyze your exact copy using your source computer.

  7. 7

    IE history

    IE history

    Login to the target computer as an administrator. Double-click “My Computer.” Double-click the “C:” drive. Double-click “Documents and Settings.” Double-click the folder belonging to the target user. Double-click “Local Settings.” Double-click “History.” Within this history area, double-click each folder in turn, and review the browsing history within each folder (such as Today’s history).

  8. 8

    Browser cookies

    Browser cookies

    Login to the target computer as an administrator. Double-click “My Computer.” Double-click the “C:” drive. Double-click “Documents and Settings.” Double-click the folder belonging to the target user. Double-click “Local Settings.” Double-click “Temporary Internet Files.” Within this area, review the user’s cookies, because often history is erased yet cookies remain.

  9. 9

    Radmin remote control

    Radmin remote control

    Install the commercial software radmin (remote administrator) client on your monitoring computer; next install radmin server on the target system. Set the target radmin server to silent mode so that you may connect to the target system without permission and without being seen. Run the radmin client on your monitoring computer. Connect to the target computer, and you will see everything the user types and everything the user sees.

    Proxy Redirect

  10. 1

    Microsoft ISA

    Microsoft ISA

    Install and configure commercial proxy/firewall software (such as Microsoft ISA [Internet Security and Acceleration Server]) on your monitoring system. Alternatively, install free proxy/firewall software).

  11. 2

    WebMarshal

    WebMarshal

    Install and configure commercial Web traffic monitoring software, such as WebMarshal, on your monitoring system. Alternatively, install free Web traffic monitoring software.

  12. 3

    IE proxy settings

    IE proxy settings

    Login to the target system as an administrator and set the Internet Explorer browser settings (Tools, Internet Options, Connection Settings, LAN settings) to point to your monitoring proxy server. Be sure to choose “Use a proxy server” and enter the IP address of your monitoring proxy server. Continue to click “OK” until you have exited the various settings modules.

  13. 4

    Proxy default gateway

    Proxy default gateway

    Additionally, modify the target system so that all Internet and Web traffic passes through your monitoring proxy/firewall server: Click “Start,” “Settings,” “Control Panel”; right-click on “Network”; choose “Properties”; select the target’s primary network card; right-click; select “Properties”; select “TCP/IP V4”; select “Properties”; then set the “default gateway” of the target’s network card to point to your source computer’s proxy/firewall server. Click “OK” and continue clicking “OK” in the various panels until you exit the network card settings. Reboot if prompted to do so.

  14. 5

    Run the proxy/firewall product’s monitoring and analysis tools on your monitoring system to track and review the target’s Internet and Web traffic and habits.

Tips & Warnings

  • Passive after-hours monitoring is best, since the target user may not be using the system at that time. If you are sure the user will be away for a certain period, monitor the system, and, when done, return settings to normal, wipe out any traces of monitoring where possible and then reboot. A reboot often clears many of the messages the user otherwise would have seen. When looking at an outbound firewall log, most often the site is displayed as a numbered IP address. To determine more about that address, visit arin.net and enter the address.
  • If you are not authorized to monitor the target computer, your actions may be illegal, depending upon where each computer and user resides. If you are disabling a firewall, the target user may notice, since most modern computer systems notify the user when the firewall is off and/or when computer changes have been made. Nonwireless hardware keyloggers require you to visit the target computer to retrieve them. Nonembedded hardware keyloggers often can be spotted via casual physical inspection.

Leave a Reply

%d bloggers like this: