A keystroke logger, sometimes called a system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer's keyboard. As a hardware device, a keystroke logger is a small battery-sized plug that serves as a connector between the user's keyboard and computer. Because the device resembles an ordinary keyboard plug, it is relatively easy for someone who wants to monitor a user's behavior to physically hide such a device "in plain sight." (It also helps that most workstation keyboards plug into the back of the computer.) As the user types, the device collects each keystroke and saves it as text in its own miniature hard drive. At a later point in time, the person who installed the keystroke logger must return and physically remove the device in order to access the information the device has gathered.

A keystroke logger program does not require physical access to the user's computer. It can be downloaded on purpose by someone who wants to monitor activity on a particular computer or it can be downloaded unwittingly as spyware and executed as part of a rootkit or remote administration (RAT) Trojan. A keystroke logger program typically consists of two files that get installed in the same directory: a dynamic link library (DLL) file (which does all the recording) and an executable file (.EXE) that installs the DLL file and triggers it to work. The keystroke logger program records each keystroke the user types and uploads the information over the Internet periodically to whoever installed the program.

Although keystroke logger programs are promoted for benign purposes like allowing parents to monitor their children's whereabouts on the Internet, most privacy advocates agree that the potential for abuse is so great that legislation should be enacted to clearly make the unauthorized use of keystroke loggers a criminal offense.