As an IT administrator, you notice that unauthorized changes have been made to several important company files. To identify the party responsible for these changes, which practice would be the most effective?
Maintaining and reviewing logs
Restoring the files from the most recent backup
Performing regular system audits
Implementing stricter firewall rules
Enforcing frequent password changes for all user accounts