The process of auditing a computer system to check whether sensitive files have been changed by an intruder. One of the first things that an intruder does after a successful entry to a networked system is to change files in the system so that the next time that he or she enters the system it will be easier. For example, intruders might change a user file which gives them enhanced privileges or change a password file so that they can enter the system masquerading as a regular user. There are a number of commercially available change detection tools that are available. Change detection is also known as edit detection.