This is a whitepaper that discusses methods of determining whether or not a system has been compromised based on artifacts left behind.
You can download it from the following link: https://packetstormsecurity.com/files/download/119592/demyo.detecting.system.intrusions.pdf
Source: https://packetstormsecurity.com/files/119592/Detecting-System-Intrusions.html