How Are The Crackers Tracked?

This not-so Anonymous Coward asks: "I work at a large corp, and our daily firewall logs measure over 12GB. For the average cracker to actually do any real damage, they would need to be in the system for at least a month (keep in mind this is a large telco). With all the recent press regarding the cracking community, the FBI seems to be nabbing these guys awfully quickly as those terabytes of logs must be analyzed to trace these guys. How are these arrests made so quickly, or are they? " More than likely, law enforcement agents will use more tried-and-true methods in parallel with log analysis (and they have access to real hard iron to do this on, too). What other tools are available for law-enforcement agencies to use to track users (crackers and non-crackers alike) online?