Audit Trail

An audit trail is a chronological record of system activity providing documentary evidence of the sequence of events within a system. Audit trails capture who did what, when, from where, and to which resources, creating an accountable record that supports forensic investigation and compliance verification.

For an audit trail to be legally and forensically useful, it must be complete, accurate, and tamper-evident. Sending logs to immutable storage prevents attackers from covering their tracks and preserves evidentiary value.
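An added example, not part of the original entry, of one way to make a trail tamper-evident: each record holds the who, what, when, from-where and resource fields plus a SHA-256 hash chained to the previous record, so an edited or deleted record fails verification. Hash chaining is a technique chosen here for illustration and works alongside immutable storage rather than replacing it; the function names, field names and sample events are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed anchor that the first record links to

def _digest(prev_hash, event):
    # Canonical JSON so the same event always hashes to the same value.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(trail, who, action, when, source, resource):
    """Append one event, linked to the hash of the previous record."""
    event = {"who": who, "action": action, "when": when,
             "source": source, "resource": resource}
    prev_hash = trail[-1]["hash"] if trail else GENESIS
    trail.append({"event": event, "prev": prev_hash,
                  "hash": _digest(prev_hash, event)})
    return trail[-1]["hash"]  # head hash: keep a copy off the logging host

def verify(trail, expected_head=None):
    """Return (ok, index of the first bad record or None)."""
    prev_hash = GENESIS
    for i, rec in enumerate(trail):
        recomputed = _digest(prev_hash, rec["event"])
        if rec["prev"] != prev_hash or not hmac.compare_digest(rec["hash"], recomputed):
            return False, i
        prev_hash = rec["hash"]
    # Without an externally stored head hash, dropping the newest
    # records or rewriting the whole chain would go unnoticed.
    if expected_head is not None and prev_hash != expected_head:
        return False, len(trail)
    return True, None

def build_sample():
    # Constructed sample events, not taken from any real system.
    trail = []
    append(trail, "alice", "login", "2024-01-01T09:00:00Z", "10.0.0.5", "vpn")
    append(trail, "alice", "read", "2024-01-01T09:02:10Z", "10.0.0.5", "payroll.db")
    head = append(trail, "alice", "delete", "2024-01-01T09:03:45Z",
                  "10.0.0.5", "payroll.db")
    return trail, head
```

The head hash returned by `append` is what an independent or write-once store needs to hold; `verify` only catches truncation of the newest records when it is given that value.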

CISSP Relevance

Audit trails are addressed in Domain 6 (Security Assessment and Testing) and Domain 7 (Security Operations). CISSP candidates must understand what events should be logged, how to protect log integrity, and how audit trails support regulatory compliance requirements.

External reference: NIST SP 800-92 Guide to Computer Security Log Management

Related terms: Log Management, Security Audit