Conversely,a console application on the controlling computer captures mouse and keyboard inputs and sends them to the IP-KVM device, which, in turn, generates respective mouse and keyboard inputs for the controlled system.
The amount of suspicious traces that can be found upon a digital forensic analysis of the TS is limited,
mostly considering that modern IP-KVM devices do not require any software to be installed both on the controller and on the target systems. Obviously, the KVM device is itself evidence that should be destroyed or obfuscated by the AM in order to divert the investigation.