Physical evidence
For a keypad that is used only to enter a security code, the keys which are in actual use will have evidence of use from many fingerprints. A pass code of four digits, if the four digits in question are known, is reduced from 10,000 possibilities to just 24 possibilities. These could then be used on separate occasions for a manual "brute force attack."
History
An early key logger was written by Perry Kivolowitz and posted to the Usenet news group net.unix-wizards,net.sources on November 17, 1983. The posting seems to be a motivating factor in restricting access to /dev/kmem on Unix systems. The user-mode program operated by locating and dumping character lists (clists) as they were assembled in the Unix kernel.
Cracking
Writing simple software applications for key logging can be trivial, and like any nefarious computer program, can be distributed as a trojan horse or as part of a virus. What is not trivial for an attacker, however, is installing a covert keystroke logger without getting caught and downloading data that has been logged without being traced. An attacker that manually connects to a host machine to download logged keystrokes risks being traced. A trojan that sends keylogged data to a fixed e-mail address or IP address risks exposing the attacker.
