I recently received a spare hard disk and am planning to put it to good use before it fills up with data. I'm planning a longish set of honeypot experiments. The modus operandi will be as follows:

1. Install Windows XP on the spare HD.
2. Make an image on the other one with Acronis True Image or dd.
3. Unplug my usual hard disk.
4. Log EVERYTHING and monitor what's happening to it.
5. Plug my normal HD in again and save the logs (using Linux while I'm offline!!!).
6. Restore the partition on the spare hard disk, install SP1, make another image, and so on for SP2.

Each configuration will be tested with and without the Windows XP firewall and with and without some tightening (i.e. closing unnecessary services). No third party firewall will be used. This will obviously take a while (a few weeks to a few months) and I'll post the results of each configuration as and when they are available. The box will be kept online using the spare hard disk for about 12 hours, Friday, Saturday and Sunday.

I need some information about how to do the "log everything" bit, though. I would like a set of free programs that would log network connections, changes to files, which files did what at what time, and what ports are open at any given time. Ideally, the programs should be scriptable.

Cheers,
cgkanchi
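One scriptable way to cover two of the requested items (open ports and connections over time, plus file changes) is a small poller written for the honeypot host. The script below is an added example, not part of the original post: it parses the output of `netstat -ano` (the `-o` switch, which adds the owning PID, is available on Windows XP), logs every listening port or connection that appears or disappears between polls, and takes SHA-256 snapshots of a directory tree so added, removed and modified files are logged as well. The sample `netstat` text and the watch directory path are constructed for the example; the exact formatting of real `netstat` output may differ slightly across Windows versions, so the parser only keeps rows it recognises. It avoids syntax newer than Python 2.7 so it can run on an XP-era interpreter as well as on a current one.

```python
"""Hypothetical honeypot poller (added example, not from the original post).

Logs changes in `netstat -ano` output and in a watched directory tree
between polls, with timestamps, to a plain-text log file.
"""
import hashlib
import os
import subprocess
import time
from datetime import datetime

# Constructed sample of `netstat -ano` output, used for the offline demo.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       860
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.0.5:1045       203.0.113.7:80         ESTABLISHED     1520
  UDP    0.0.0.0:445            *:*                                    4
"""

LOG_FILE = "honeypot-monitor.log"   # assumed log destination (write it to the removable media)
WATCH_DIR = r"C:\WINDOWS\system32"  # assumed directory to snapshot; adjust to taste


def parse_netstat(text):
    """Return a set of (proto, local, remote, state, pid) tuples from netstat -ano output.

    TCP rows carry a state column; UDP rows do not, so the state is recorded as ''.
    Rows that do not match either shape are ignored rather than guessed at.
    """
    entries = set()
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, remote, pid = parts
            state = ""
        else:
            continue
        entries.add((proto, local, remote, state, pid))
    return entries


def diff_sets(old, new):
    """Return (appeared, disappeared) as sorted lists of netstat tuples."""
    return sorted(new - old), sorted(old - new)


def snapshot_tree(root):
    """Map each regular file under root (relative path) to its SHA-256 hex digest."""
    snap = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    snap[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
            except (OSError, IOError):
                continue  # locked, unreadable or vanished file: skip it this round
    return snap


def diff_trees(old, new):
    """Return (added, removed, modified) relative paths between two snapshots."""
    added = sorted(p for p in new if p not in old)
    removed = sorted(p for p in old if p not in new)
    modified = sorted(p for p in new if p in old and old[p] != new[p])
    return added, removed, modified


def log(message):
    """Append a timestamped line to LOG_FILE and echo it to the console."""
    line = "%s %s" % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), message)
    print(line)
    with open(LOG_FILE, "a") as fh:
        fh.write(line + "\n")


def run_netstat():
    """Run netstat -ano and return its text; falls back to the sample when unavailable."""
    try:
        return subprocess.check_output(["netstat", "-ano"], universal_newlines=True)
    except (OSError, subprocess.CalledProcessError):
        return SAMPLE_NETSTAT


def monitor(interval_seconds=30, watch_dir=WATCH_DIR):
    """Poll forever, logging only what changed since the previous poll."""
    conns = parse_netstat(run_netstat())
    files = snapshot_tree(watch_dir)
    log("baseline: %d socket rows, %d files under %s" % (len(conns), len(files), watch_dir))
    while True:
        time.sleep(interval_seconds)
        new_conns = parse_netstat(run_netstat())
        for entry in diff_sets(conns, new_conns)[0]:
            log("socket appeared: %s %s -> %s %s pid=%s" % entry)
        for entry in diff_sets(conns, new_conns)[1]:
            log("socket gone:     %s %s -> %s %s pid=%s" % entry)
        conns = new_conns
        new_files = snapshot_tree(watch_dir)
        added, removed, modified = diff_trees(files, new_files)
        for label, paths in (("file added", added), ("file removed", removed), ("file modified", modified)):
            for path in paths:
                log("%s: %s" % (label, path))
        files = new_files


if __name__ == "__main__":
    monitor()
```

Because the baseline is taken at startup, the log only records deltas, which keeps it readable over a 12-hour session; the first poll after a service starts or a file lands in the watched tree is exactly the event worth correlating with the time on the log line. Hashing a large tree such as `system32` every 30 seconds is slow on XP-era hardware, so a smaller watch directory or a longer interval is reasonable.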