Many electronic systems suffer from unauthorized access by fraud. Such systems typically include security systems that detect the attempts to gain unauthorized access by fraud. Such security systems typically detect fraud after the fact and gather evidence of the fraud for use in attempting to determine the parties that committed the fraud. For example, a computer may be used to log activity for a private network. The logged activity may include information about the parties accessing the network, such as the parties' IP address, location, and other identifying information, as well as the time and duration of the activity. The computer would then keep track of the private network's activity and detect an attempt to hack the network, or an actual hack into the network. The computer would then be able to use the log to perform a forensic root cause analysis.
Such evidence of fraud is typically stored as a log file in the electronic system subject to the fraud. Often times the log file can be altered by the attackers as the attackers attempt to cover their tracks. It would be advantageous for the log to be stored in an undeletable and unalterable state and/or location, such that the hacker would not be able to delete or alter the information stored in the log.
This invention provides a novel solution for a secure audit logging system, apparatus, and processes for creating an unalterable log, thus enabling the victims of a fraudulent attack to determine when their system has been hacked and to securely access the unaltered log for forensic root cause analysis.