Which term provides the digital evidence when investigating anomalous issues on a network?

• A. Audit Log
• B. Network Flow (NetFlow)
• C. File Integrity Monitoring (FIM)
• D. Anti-Malware

Answer: (A)

The key idea is that you need a reliable, time-stamped record of what happened and who did it. Audit logs provide exactly that: a chronological trail of events across systems, including actions like logins, file access, permission changes, and configuration updates, with timestamps and user IDs. This makes audit logs essential digital evidence for an anomalous network issue because they let you reconstruct the sequence of events, identify who executed which action, and correlate activities across devices. Having a solid log trail also supports validation, incident response, and later forensics, especially when you’re building a timeline of the incident.

Network flow data (NetFlow) shows traffic patterns between endpoints, which helps spot unusual communication but doesn’t capture the specific actions taken on systems or the user identity. File Integrity Monitoring highlights changes to files or configurations, useful for detecting tampering but not for establishing a full event sequence. Anti-Malware tools alert you to malicious software, yet they don’t necessarily provide a complete, auditable record of user actions and system events needed for forensic investigations.