Includes checks that look for signs of overt or possible system tampering. Examples include the existence of backdoor programs, the use of password sniffer applications, unusual or unexpected user accounts or parameters, or modified system files.