Quote:
Originally Posted by Cat-tranz
As for infections (if any) I prefer to use HJT and read my own log
I'm not sure what "HJT" is, but you make a GOOD POINT, about log reading... I am assuming, perhaps incorrectly, that you mean Windows' Event Logs here.
Speaking of which/on that note (logging)? I supplement the std. Windows' EventLogs with a tool Microsoft produces called "Port Reporter" & it's pretty cool.
You can read about it & if you like what you see, download it here:
Download details: Port Reporter (PortRptr.exe)
* Enjoy!
APK
P.S.=> Supplementary logging is "Good Stuff"!
... & if ANY of you have ever read a "best seller" called "The Cuckoo's Egg" by Cliff Stoll (true story of a guy in academia who ended up busting an international hacker ring that was from East Germany in the employ of the Russian KGB no less, who were using transatlantic connections into various places in the U.S.A. + then busting into military installations, like Ft. Stewart (near Richmond Hill Ga., & I know this because my bro was stationed here, he is a Capt. in the military))?
It's mainly HOW he was "clued into them", because they were wiping the std. UNIX logs, but a secondary logging system was designed by the kids in comp. sci. degree track/dept. & it began to "not jive" with the std. one... & that in turn led to him tracking them & eventually getting them caught.
Thus, my point on logging... apk