Saturday, June 12, 2004

Auditing tools for Windows

fsum by SlavaSoft - (free) Creates MD5 signature files compatible with the md5sum command-line tool (found on most Unix/Linux distros), but has the additional feature of directory recursion. The tool also supports other checksum/hash functions.
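As an added illustration (not part of the original post and not fsum's own code), this sketch builds an md5sum-style manifest recursively and then audits a tree against it, reporting changed, missing, and new files. The function names are hypothetical, the sample tree is constructed, and filenames are assumed to need no md5sum escaping; passing `algo="sha256"` produces the same line layout that sha256sum uses.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_file(path, algo="md5", chunk=65536):
    """Hash a file in chunks so large logs do not need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root, algo="md5"):
    """Recurse under root; return sorted md5sum-style lines '<hex> *<rel/path>'."""
    files = sorted(p for p in Path(root).rglob("*") if p.is_file())
    return [f"{hash_file(p, algo)} *{p.relative_to(root).as_posix()}" for p in files]

def parse_manifest(lines):
    """Parse '<hex>  <path>' (text) or '<hex> *<path>' (binary) into {path: hex}."""
    baseline = {}
    for line in lines:
        digest, _, rest = line.rstrip("\r\n").partition(" ")
        if digest and rest:
            baseline[rest[1:]] = digest.lower()  # drop the mode marker (' ' or '*')
    return baseline

def audit(root, manifest_lines, algo="md5"):
    """Compare the tree against a baseline manifest and classify differences."""
    baseline = parse_manifest(manifest_lines)
    current = parse_manifest(build_manifest(root, algo))
    return {
        "changed": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed sample tree: baseline it, alter it, then audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "logs").mkdir()
        (root / "a.txt").write_bytes(b"alpha")
        (root / "logs" / "app.log").write_bytes(b"line1\n")
        (root / "logs" / "old.log").write_bytes(b"x")
        manifest = build_manifest(root)  # baseline taken before any change
        (root / "logs" / "app.log").write_bytes(b"line1\ninjected\n")  # modified
        (root / "logs" / "old.log").unlink()                            # deleted
        (root / "new.exe").write_bytes(b"MZ")                           # added
        return manifest, audit(root, manifest)
```

Calling `demo()` returns the baseline manifest and the audit report. Keep the manifest outside the audited tree, ideally on a separate, better-protected host.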

DumpSec by SomarSoft - (free) This tool used to be called DumpACL back in the days of Windows NT 4.0. It has been re-released to report on the newer ACL information in an Active Directory Domain (Windows 2000), plus it has the option to dump out lists of users, groups, policies, shares, registry ACLs, and a few more goodies. Output is either an interactive report viewer, a custom save file format, or various report file styles.

rsync - (free) While not strictly an auditing tool, rsync is useful for pushing/pulling log files off a server onto a better-protected server for long-term storage. The primary advantage is that rsync will only send the portions of a file that have changed, reducing transfer traffic. It also supports compression of the transfer, and you can route the information through SSH for security. The version I use is cwRSync, which is a streamlined version of the Microsoft Windows port that doesn't require the full Cygwin application to be installed.
