Glossary
What is a tamper-evident audit log?
A tamper-evident audit log is a record whose integrity an auditor can verify from any point back to the start. Each entry is hash-chained to the previous entry, so any modification produces an entry that does not verify.
§ 01 Definition
Detectable, not concealable.
A tamper-evident audit log is a record whose integrity an auditor can verify from any point back to the start. Each entry is hash-chained to the previous entry, so any modification anywhere in the chain produces an entry that does not verify. The auditor running the verification sees the failure; the alteration cannot be hidden by also altering the surrounding entries.
Tamper-evident is not the same as tamper-proof. A determined actor can still attempt to alter a tamper-evident chain. What changes is the consequence: alteration is detectable rather than concealable. For audit and regulatory contexts, detectability is the load-bearing property. An auditor does not need a record that no one can change. They need a record in which any change is visible.
§ 02 Questions
Tamper-evidence, answered.
How is a tamper-evident audit log different from an append-only log?
Append-only enforces that new entries can only be added, not modified. Tamper-evident goes further: each entry's integrity is bound to the previous entry's hash, so the chain itself becomes verifiable. Append-only is an operational discipline; tamper-evident is a cryptographic property of the chain.
What does verification actually do?
An auditor or an automated check walks the chain and recomputes the hash of each entry, comparing it to the stored hash. Any mismatch indicates alteration. The verification can run from any point back to the chain's start, and the chain's start can be externally anchored to a separate append-only substrate so the chain itself is protected against full replacement.
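The walk described above, as an added Python example (not code from this page or from any product it describes). The record layout, the `GENESIS` anchor value, the sample events and the `trusted_head` parameter are assumptions made for illustration; `trusted_head` stands for a hash the auditor recorded earlier, which is what lets verification start "from any point" and catch a rewrite in which later hashes were recomputed.

```python
import hashlib
import json

# Constructed anchor for the chain's start (assumption: published out of band).
GENESIS = hashlib.sha256(b"example-genesis").hexdigest()


def entry_hash(prev_hash, payload):
    """Bind an entry's payload to the previous entry's hash."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{body}".encode()).hexdigest()


def build(payloads, anchor=GENESIS):
    """Chain a list of payload dicts into {prev, payload, hash} records."""
    chain, prev = [], anchor
    for p in payloads:
        h = entry_hash(prev, p)
        chain.append({"prev": prev, "payload": dict(p), "hash": h})
        prev = h
    return chain


def verify(chain, anchor=GENESIS, trusted_head=None):
    """Recompute each hash from the anchor; trusted_head is a hash the
    auditor recorded earlier for the last entry of `chain` (or a prefix)."""
    prev = anchor
    for i, e in enumerate(chain):
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["payload"]):
            return f"entry {i} does not verify"
        prev = e["hash"]
    if trusted_head is not None and prev != trusted_head:
        return "chain does not end at the trusted hash"
    return "ok"


# Constructed sample events, not taken from any real system.
EVENTS = [
    {"seq": 0, "actor": "alice", "action": "login"},
    {"seq": 1, "actor": "alice", "action": "approve", "amount": 100},
    {"seq": 2, "actor": "bob", "action": "export"},
]

if __name__ == "__main__":
    log = build(EVENTS)
    head = log[-1]["hash"]               # value the auditor holds
    log[1]["payload"]["amount"] = 9000   # in-place edit, stored hashes untouched
    print(verify(log, trusted_head=head))
```

A chain rebuilt from edited payloads passes `verify()` on its own and fails only when checked against the recorded head, which is why the auditor's reference hash has to be kept somewhere the log's writer cannot change.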
Which regulatory frames assume tamper-evidence?
SR 26-2's broader-governance posture assumes an interrogable record. NERC CIP standards expect an attributable trail that survives an audit. The EU AI Act record-keeping obligation presupposes a record that an examiner can review. DORA's recoverable obligations imply integrity through to the recovery point. Tamper-evidence is the implementation property that makes integrity claims defensible.