Overview
Company: KeeLog
Website: KeeLog
Product: KeeLog USB KeeLogger TimeKeeper
Memory: 2 GB
Date/ timestamp: Yes
Encryption: 128-Bit
Price: 124.99 $, 89.99 €
Packaging, first impression and size comparison
The packaging consists of a stable cardboard box. Besides the Hardware Keylogger itself, which is safely embedded in pink foam material, it includes a user manual and a guide for configuring the timestamp.
The packaging and the content look good and solid. A positive feature is that, according to the manual, the timestamp can be configured either in the American A.M./P.M. format or in 24-hour mode. The timestamp relies on an internal battery which, according to KeeLog, runs for over seven years.
Changeable covers for the Hardware Keylogger are not included, but when buying one on the KeeLog website you can choose between different colors (for USB black and white, for PS/2 black, grey and purple).
To get a better feeling for the size of the Hardware Keylogger, a size comparison with a 1-Euro coin was done.
Functionality
The USB KeeLogger TimeKeeper comes with a huge non-volatile memory of 2 GB, which is enough for recording about 2000000000 keystrokes. Additional features are 128-bit encryption and timestamping functionality. The latter comes in very handy for time-dependent analysis and forensic tasks.
On their official website (www.keelog.com) KeeLog also offers other products, such as PS/2 models or modules which can be built directly into a keyboard.
Installation
Installation is very easy and quick. The only thing needed is to plug the Hardware Keylogger in between keyboard and computer; no drivers or software are needed. Recording begins soon afterwards.
Very enjoyable is the fact that during my tests no notification from Windows popped up saying that a new hardware device was plugged in and installed automatically, as is mostly the case with external hard drives, for example. This not only raises the stealth of this product but also speeds up the recording.
The Windows Device Manager also did not reveal any information about the plugged-in Hardware Keylogger, nor did some freeware tools (USBDeview by Nirsoft (www.nirsoft.net), USBView by Microsoft, …).
Retrieval of Logs
To retrieve the logfile, a certain combination of three keys has to be pressed simultaneously, which forces the Keylogger to switch to flash drive mode. Of course, the Hardware Keylogger and an appropriate keyboard have to be connected for this as well.
Windows will then recognize it as a mass storage device and install a default driver which comes with Windows.
The Hardware Keylogger is now available as a normal drive and can be viewed by using Explorer or similar.
The keyboard is no longer available and you have to use the mouse or alternatively a second keyboard. However, it is recommended to copy the logfile from the Hardware Keylogger to your own hard disk and to proceed from there. The Keylogger can then be switched back to recording mode, which can be done by safely removing the hardware device or by simply re-plugging the device into a USB port.
The logfile can be opened and analysed with any text editor; however, KeeLog also provides a text editor.
KeeLog's editor is a standard editor which comes with search capabilities and a filter for email and web addresses, but of course it is not necessary to use this program.
As you can see, characters which are only used in the German language, such as umlauts or the "sharp s (ß)", were also logged successfully. Odd key combinations were no problem for the KeeLog Hardware Keylogger either.
ALT+1: ☺
ALT+2: ☻
ALT+3: ♥
ALT+4: ♦
ALT+5: ♣
ALT+6: ♠
ALT+11: ♂
ALT+12: ♀
BIOS passwords and Windows logon passwords were also correctly recorded. The only incomplete logging noticed while testing this device concerned keys which were held down for a longer period of time. This means that ZZZZZZZZZZZZZZ was later visible only as Z. As this won't be used by many users on a daily basis, it shouldn't be seen as a big disadvantage.
Options
The KeeLogger TimeKeeper offers different options for configuration. The first set is defined in the CONFIG.TXT file, which must be put into the root of the Hardware Keylogger.
Password=KBS
LogSpecialKeys=Medium
DisableLogging=No
Timestamping=Yes
Password is the combination which must be pressed in order to force the device to switch to flash drive mode.
LogSpecialKeys defines which keys should be logged. None will only log the common keys, Medium also logs some special keys (Shift, Return, etc.) and Full logs all special keys (default: Medium).
DisableLogging can be either Yes or No and should be self-explanatory.
With Timestamping, timestamping can be switched on or off (Yes or No).
Additional options which can be set within the config file are Encryption and ImeMode. Encryption is responsible for enabling encryption. When the value of this option is changed, keep in mind that this will result in formatting of the Keylogger drive and deletion of all files on it (logs, configuration, layouts, etc.). Therefore it is a good idea to back up those files to an external location (such as your hard disk) and reuse them after the formatting process.
ImeMode allows logging of special keys which are used by systems using an IME (Input Method Editor). These include Japanese, Chinese, Korean and others.
Note: Variables and values are not case sensitive, meaning that upper and lower case do not matter. Also, the password characters used are independent of the national keyboard layout.
Another important configuration besides the CONFIG.TXT file can be done within the TIME.TXT file. In this file it is possible to specify the time and date for the timestamping function. This file must be placed in the root-directory as well.
Year=2009
Month=6
Day=14
Hour=18
Minute=0
Second=0
Format=24
All values should be self-explanatory. The Format value can be AM, PM or 24.
Note: Again, none of the entries are case sensitive.
As some time will always pass between switching modes and the start of recording, it is good advice to enter a time in the future to get more accurate results.
The third and last possibility for configuration lies within Layouts. Layouts can be used to log keys from foreign keyboard layouts such as German, French, etc.
The only thing to do is to put the appropriate LAYOUTS.TXT in the root directory of the Hardware Keylogger. The KeeLog website offers many layouts for download.
Note: During the tests this only worked after formatting the Hardware Keylogger drive, which took approximately 10 seconds. The first try, which was to copy the LAYOUTS.TXT into the root directory, did not work, as the logging was still being done using an English keyboard layout. However, after formatting it worked fine.
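Since the device exposes a normal drive with CONFIG.TXT, TIME.TXT and LAYOUTS.TXT in its root when in flash drive mode, an examiner can triage an unknown removable volume for exactly those artifacts. The following is an added example, not code from KeeLog or from the original review; the function names and the three-key threshold are assumptions, and the sample files are constructed from the values shown above.

```python
import tempfile
from pathlib import Path

# Option names as listed in the review; matching is case-insensitive, as the review notes.
CONFIG_KEYS = {"password", "logspecialkeys", "disablelogging",
               "timestamping", "encryption", "imemode"}
TIME_KEYS = {"year", "month", "day", "hour", "minute", "second", "format"}
ARTIFACTS = {"config.txt": CONFIG_KEYS, "time.txt": TIME_KEYS, "layouts.txt": set()}


def parse_key_values(text):
    """Parse Key=Value lines into a dict with lower-cased keys."""
    pairs = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            pairs[key.strip().lower()] = value.strip()
    return pairs


def triage_volume_root(root):
    """Return {file name: documented option names found} for files in root."""
    findings = {}
    for path in Path(root).iterdir():
        name = path.name.lower()
        if name in ARTIFACTS and path.is_file():
            keys = parse_key_values(path.read_text(encoding="latin-1"))
            findings[name] = sorted(ARTIFACTS[name].intersection(keys))
    return findings


def looks_like_keylogger_volume(findings, min_keys=3):
    """Heuristic (assumption): CONFIG.TXT holds at least min_keys documented options."""
    return len(findings.get("config.txt", [])) >= min_keys


def build_sample_root():
    """Constructed sample: a temp dir with the two config files shown in the review."""
    root = Path(tempfile.mkdtemp())
    (root / "CONFIG.TXT").write_text("Password=KBS\nLogSpecialKeys=Medium\nDisableLogging=No\nTimestamping=Yes\n")
    (root / "Time.txt").write_text("YEAR=2009\nMonth=6\nDay=14\nHour=18\nMinute=0\nSecond=0\nFormat=24\n")
    (root / "notes.txt").write_text("Password=unrelated\n")
    return root


if __name__ == "__main__":
    result = triage_volume_root(build_sample_root())
    print(result, looks_like_keylogger_volume(result))
```

Point `triage_volume_root` at the mount point of a write-blocked image rather than the live device, so the examination does not alter the evidence.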
Résumé
This Hardware Keylogger was tested on several different operating systems and it worked fine. Different models of USB keyboards were no problem at all either.
The retrieval of the log was very easy and fast, even with very big logs, because of the mass storage device method, and should be easy for non-technical persons too.
Because of the in-depth tests and the useful features (encryption and timestamping) I can recommend this Hardware Keylogger mostly to Security Consultants and to people who are in the forensics field. The fact that no message popped up from Windows saying that new hardware was found is also a big plus point. For private persons, who may not really need the integrated features, cheaper models without those may be enough and should be considered.
In addition, KeeLog offers a 1-year warranty for technical errors.
I also want to note that KeeLog offers free guides for DIY (Do It Yourself) Hardware Keyloggers on their website. The first one, which can be found here, covers everything you need to know about a PS/2 Keylogger. The second one, which was published not too long ago, can be read here and gives a comprehensive guide on how to build a Wireless Hardware Keylogger.