A few months back, when the Heartbleed bug bugged everyone, I tried to find the reason for one particular server still being vulnerable despite being updated. It turned out that Apache loaded a manually installed SPDY library with a statically linked OpenSSL library. After that incident I wanted to find all other files added to the system by hand.
I wrote this little script, and then I found a neat little Debian package Cruft that performs exactly that task (written in shell, but ok).
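One way to run the audit described above, as an added example (it is not the author's script and not Cruft's code): list files that no dpkg manifest in `/var/lib/dpkg/info/*.list` claims, and flag those carrying an embedded OpenSSL version banner, which is how a statically linked copy shows up. The default scan roots and all function names are assumptions made for this sketch.

```python
import mmap
import os
import re
import sys
from pathlib import Path

# Version banner compiled into OpenSSL, e.g. "OpenSSL 1.0.1e 11 Feb 2013".
OPENSSL_BANNER = re.compile(rb"OpenSSL \d+\.\d+\.\d+[a-z]*")


def canonical(path):
    """Resolve symlinked parent directories (merged /usr) but keep the final name."""
    head, tail = os.path.split(path)
    return os.path.join(os.path.realpath(head), tail)


def load_owned(info_dir="/var/lib/dpkg/info"):
    """Collect every path listed in dpkg's per-package *.list manifests."""
    owned = set()
    for manifest in Path(info_dir).glob("*.list"):
        for line in manifest.read_text(errors="replace").splitlines():
            if line:
                owned.add(canonical(line))
    return owned


def find_unowned(roots, owned):
    """Yield files under the given roots that no package manifest claims."""
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = canonical(os.path.join(dirpath, name))
                if path not in owned and os.path.isfile(path):
                    yield path


def embedded_openssl(path):
    """Return the OpenSSL banner embedded in a file, or None if there is none."""
    try:
        with open(path, "rb") as fh, \
                mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as view:
            match = OPENSSL_BANNER.search(view)
            return match.group().decode() if match else None
    except (OSError, ValueError):  # unreadable file, or empty file (cannot be mapped)
        return None


if __name__ == "__main__":
    scan_roots = sys.argv[1:] or ["/usr/lib", "/usr/local", "/opt"]  # assumed defaults
    packaged = load_owned()
    for candidate in find_unowned(scan_roots, packaged):
        print(f"{candidate}\t{embedded_openssl(candidate) or '-'}")
```

Files created by maintainer scripts or at runtime (caches, compiled bytecode) are reported too, so expect noise outside library directories.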