The way my brain is interpreting this is that that when the USB drive is missing, for the program to keep collecting the keystrokes this moves from being a keylogger attack from a HID to actual malware. It would need to be installed on the system and get past the AV being used. If this is your machine then go ahead and install a keylogger. However, if this is not your system, even if this is an ethical event it most likely is out of scope.