An audit trail is a security-relevant chronological record, set of records, or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event. It may be composed of manual or computerized records of events and information, or both.
An audit trail includes an unambiguous record of events, either individually or in blocks of temporally connected changes, associated with an individual user (or, if changes are created automatically by the system, this must be indicated) and the date and time the change occurred (e.g., by the use of a time zone or reference to GMT). The process that creates an audit trail often runs in privileged mode so that it can access and supervise all actions from all users and prevent normal users from accessing the audit trail. Another way of handling this issue is through the use of a role-based security model in the software.
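The record contents and the role-based restriction described above can be sketched as follows. This is an added example, not code from the cited sources; the class names, the role names and the `SYSTEM` marker are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

SYSTEM = "SYSTEM"  # assumed marker for changes the system makes automatically

# Assumed role model: only the audit service appends, only auditors read.
ROLES = {"audit_service": {"append"}, "auditor": {"read"}, "user": set()}

@dataclass(frozen=True)
class AuditRecord:
    seq: int          # position in the chronological record
    timestamp: str    # ISO 8601, normalised to UTC with explicit offset
    actor: str        # individual user id, or SYSTEM
    automatic: bool   # True when no individual user made the change
    changes: tuple    # one change, or a block of temporally connected changes

class AuditTrail:
    def __init__(self):
        self._records = []

    def _require(self, role, action):
        if action not in ROLES.get(role, set()):
            raise PermissionError(f"role {role!r} may not {action} the audit trail")

    def append(self, role, changes, user=None, when=None):
        self._require(role, "append")
        if not changes:
            raise ValueError("a record must describe at least one change")
        if when is None:
            when = datetime.now(timezone.utc)
        if when.utcoffset() is None:
            # A naive local time is ambiguous; reject it instead of guessing.
            raise ValueError("timestamp must carry a time zone")
        record = AuditRecord(
            seq=len(self._records) + 1,
            timestamp=when.astimezone(timezone.utc).isoformat(),
            actor=user if user else SYSTEM,
            automatic=not user,
            changes=tuple(changes),
        )
        self._records.append(record)
        return record

    def read(self, role):
        self._require(role, "read")
        return tuple(self._records)  # copy, so readers cannot alter the trail
```

`changes` is passed as a list of strings, so a single event and a block of connected changes use the same call.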