a chronological record of system activities, such as logins, file accesses, and data modifications, used to reconstruct events, detect unauthorized access, and verify compliance with security policies