I have an issue where we are trying to figure out, if a system had a keylogger plugged into it, whether it could record data from an RDP session, or if they only capture from keyboards plugged into the machine.
We are worried about losing passwords on the remote system, if someone were to just plug in a keylogger without our knowing about it, since it is remote.
Clif
I thought I'd try and offer some advice on this as no one else has.
It sounds like your concerns focus on an attacker trying to steal data from your/a client's machine that you access remotely.
The blunt answer is yes, quite possibly a keylogger could steal RDP data. These devices vary in complexity and can capture all kinds of things that you don't want to go missing. Without the exact model it's hard to say.
Computer security hat.
The real problem is though that your scenario allows an attacker to walk straight up to your server/computer and plug a device in stealing all your data. Security laws generally dictate if someone can touch your computer, it's no longer yours. They could just as easily yank the disk, key log it, malware or any other number of nasties.
My very basic advice is measure up how likely this attack is to happen (risk), what the damage would be if the data was stolen (website data, designs for your new product, medical data, credit cards?) and using these two benchmarks decide how much money you want to put towards the security of the box.
High strong walls, decent locks, CCTV, alarm system, a 24 hour security service, land mines, machine gun nests are all options. Some are very easy, others might be a bit overkill.
You'll never reduce the risk to 0, especially if the goods up for grabs are of high value to a highly motivated attacker. Aim to reduce the risk by making it so difficult for "amateur/opportunistic thieves" that it's not worth their time.
Back to forensics.
If this has happened, try and look for indicators of what keylogger was used and how it was implemented. You might be able to trace the attacker. Then ensure it can't happen again.
Hope this mess of words helps :)