Malware often takes the form of binary files. To prove the assertion that a malicious file was downloaded, submitting the output of a sandbox detonation report along with an IPS alert as evidence, as opposed to submitting the binary malware file itself, is an example of which concept?
- corroborating evidence
- indirect evidence
- direct evidence
- circumstantial evidence
Explanation & Hint:
Submitting the output of a sandbox detonation report along with an IPS (Intrusion Prevention System) alert as evidence, rather than submitting the binary malware file itself, is an example of indirect evidence. Indirect evidence, also known as circumstantial evidence, implies the truth of an assertion indirectly, through an inference. In this case, the sandbox report and the IPS alert imply that a malicious file was downloaded without providing the direct evidence of the malware file itself. This contrasts with direct evidence, which directly proves the fact in question, such as the actual binary file of the malware in this scenario.