An Indicator of Compromise (IOC) is a piece of forensic or observable data—such as a file hash, malicious IP address, domain, URL, registry key, or process name—that suggests a system may be compromised. IOCs are used for detection, threat hunting, validation of alerts, and scoping incidents, and they help responders identify malicious activity across hosts or networks.
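
The following sketch, an added example that is not part of the original page, shows how a set of IOCs can be swept across host and network events to find hits and scope which hosts are affected. All indicator values, host names, and event fields are constructed for illustration (documentation-range IPs, a reserved `.test` domain, a dummy hash).

```python
from collections import defaultdict

# Constructed IOC set, keyed by indicator type.
IOCS = {
    "sha256": {"a" * 64},
    "ip": {"203.0.113.45"},
    "domain": {"updates.badcdn.test"},
    "process": {"svch0st.exe"},
}

# Constructed, already-parsed telemetry: one event per dict.
EVENTS = [
    {"host": "ws-014", "type": "dns", "domain": "Updates.BadCDN.test."},
    {"host": "ws-014", "type": "proc",
     "process": "C:\\Users\\Public\\svch0st.exe", "sha256": "A" * 64},
    {"host": "srv-02", "type": "conn", "ip": "203.0.113.45"},
    {"host": "srv-02", "type": "dns", "domain": "cdn.updates.badcdn.test"},
    {"host": "ws-020", "type": "conn", "ip": "198.51.100.7"},
    {"host": "ws-020", "type": "dns", "domain": "myupdates.badcdn.test"},
]

def normalize(kind, value):
    """Canonicalize an observed value so case or path noise cannot hide a hit."""
    v = value.strip().lower()
    if kind == "domain":
        return v.rstrip(".")                      # drop trailing root dot
    if kind == "process":
        return v.replace("\\", "/").rsplit("/", 1)[-1]  # image name only
    return v

def matches(kind, value):
    v = normalize(kind, value)
    if kind == "domain":
        # Hit on the indicator or any subdomain, never on a bare string suffix.
        return any(v == d or v.endswith("." + d) for d in IOCS["domain"])
    return v in IOCS.get(kind, ())

def sweep(events):
    """Return {host: {(ioc_type, observed_value), ...}} for scoping."""
    hits = defaultdict(set)
    for ev in events:
        for kind in IOCS:
            if kind in ev and matches(kind, ev[kind]):
                hits[ev["host"]].add((kind, normalize(kind, ev[kind])))
    return dict(hits)

if __name__ == "__main__":
    for host, found in sorted(sweep(EVENTS).items()):
        print(host, sorted(found))
```

Normalizing before comparison matters because the same indicator can appear with different casing, a trailing dot, or a full path, and a naive string comparison would miss it or, with plain suffix matching, flag a lookalike domain.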