00c54c9f79
The previous logic used the raw's timestamp, which could end up
slightly outside of the audit period. This would give us a
small window where a delete could happen outside of the
audit period, but we'd still detect it. The new logic uses
the exact end of the audit period.