Backgrounds File integrity checking is used to identify when any file has been changed on the host system. Any file that should be monitored can be defined by the analyst to monitor for unauthorized changes. In order to identify unauthorized changes to files, file integrity checking uses a mathematical function called a oneway hash that produces a hash value result when applied to a monitored file. The hash algorithm always generates the same hash value on the same data file unless a change has been made to the file. The file integrity software creates an index of all the monitored files on the host with their associated hash values. When software checks the hashes of monitored files, if the previous hash does not match for a given file, an alert is raised for the analyst.

Question: Which activity would file integrity monitoring be most appropriate to alert on$?$