Types of Keyloggers
What is a keylogger? The most common type of keylogger consists of a piece of malware installed and managed by a rootkit. Please refer to Figure 2 (Olzak, 2008, p. 4).
A typical software keylogger replaces operating system kernel components. As keyboard codes move from the keyboard controller to the operating system, the keylogger captures all keyboard input before passing it on to the target application.
Because criminals want keyloggers to remain undetected, even by anti-virus (AV) software, they bury this privacy-stripping software so that neither the user nor AV software sees anything out of the ordinary.
Another type of keylogger uses an actual piece of hardware. Depending on the approach, a special circuit might be inserted into the keyboard (Figure 3, BitForensics) or a device placed between the keyboard and the computer's keyboard interface (Figure 4, Keelogger).
The success of hardware keyloggers depends on access. Software keyloggers are easy to install, and the data they collect is easy to retrieve, even without physical access to the target computer. However, AV software is getting better all the time at detecting them. Avoiding that detection is the main advantage of hardware keyloggers.
Hardware keyloggers are virtually undetectable with software, but an attacker must have physical access to the target computer for implementation and data collection. Yes, there are researchers who claim there are ways to detect hardware keystroke loggers. I don't disagree. However, these methods are impractical and unavailable for general use.