This document discusses using hybrid logical clocks (HLC) to improve database forensics and establish chain of custody for audit records. It proposes a forensically-aware distributed database architecture that uses HLC to generate, collect and preserve audit records in a way that accurately timelines events. Initial results show HLC provides a more scalable and accurate approach than previous vector clock-based methods. Future work involves formally proving the architecture's correctness and improving overhead for timelining with high transaction volumes.