Im assuming this knowledge basically comes from going over multiple/hundreds of logs and learning what to look for, I know some trojans are quite hard to recognise as they are disguised quite well these days, but none the less im very interested in learning the ins and outs...
thanks
scozz