{
  "card_type": "AuditTraceEvidenceSnapshotCard",
  "version": "2026.06",
  "card_id": "ATL-SAMPLE-20260622-001",
  "contact_email": "contact@audittracelabs.com",
  "status": "sample-redacted-ready-for-review",
  "workflow": {
    "name": "MSP client incident handoff",
    "purpose": "Preserve decision-grade system-state evidence before remediation changes the record.",
    "authorized_by": "Client owner or authorized MSP contact",
    "capture_window": "2026-06-22T09:00:00Z/2026-06-22T10:00:00Z"
  },
  "approved_sources": [
    {
      "source": "Windows system state summary",
      "owner": "client",
      "handling": "local-first, redacted summary"
    },
    {
      "source": "Selected event log exports",
      "owner": "client/MSP",
      "handling": "bounded by incident window"
    },
    {
      "source": "Configuration and preservation notes",
      "owner": "AuditTrace",
      "handling": "packet manifest"
    }
  ],
  "exclusions": [
    "No passwords, tokens, recovery codes, or private client content in the first inquiry",
    "No passive monitoring, employee surveillance, behavior scoring, or stealth collection",
    "No malware removal, attribution claim, or legal conclusion in this packet"
  ],
  "validation": {
    "manifest_present": true,
    "scope_reviewed": true,
    "handoff_path": "summary first; evidence packet only under approved handling rules",
    "reviewer_note": "This sample card shows structure only; it does not represent a live engagement."
  },
  "final_contact": "contact@audittracelabs.com"
}