Which scenario best demonstrates the value of audit trails in security?

Audit trails are sequential records of system and user actions that show who did what, when, and where. Their value in security is the ability to reconstruct events after something has happened, making it possible to trace the path of an intrusion, identify the compromised accounts, and determine exactly what data was accessed or altered. In a scenario where a data breach is suspected, these logs provide the evidence needed to establish a timeline, understand how the breach occurred, guide containment and remediation, and even support legal or regulatory investigations. While audit trails can aid ongoing monitoring, their strongest demonstration is in post-incident investigation to uncover the facts and inform the response. The other choices relate to performance, efficiency, or different security controls that don’t leverage log history for incident understanding.