Abstract
Computer security specialists work every day solving security problems and handling intrusions. The experts try to avoid new security threats, but the intruders are trying to find new penetration methods and sophisticated attacking methods to compromise computers. The number of intruders is increasing in the computer world today. The usage of keylogging is being used for monitoring and logging what attackers are doing when performing attacks. Keylogging can log the entered keystrokes on hosts such as remote systems and in honeypots. Collecting keystrokes is an important step towards understanding the hackers and acquire knowledge about the attacks. Honeypots can tell security researchers how data is stolen and where hackers hide their stolen data or which methods the hackers are using to take control over a remote machine. Originally keyloggers where developed for servers with operating systems accessing the hardware directly. However, the usage of visualization and virtual machines is increasing rapidly for service providers in small and large organizations. Keylogging in bare-metal technology and in virtual technologies can be different, since the keystrokes might be interpreted differently depending on the hypervisor technology. The results of this thesis show that with respect to keylogging there are differences between bare-metal and virtual environments for Linux systems.