Forensics - Overview
Electronic discovery (called either e-discovery or ediscovery) refers to any process in which electronic data is sought, located, secured and searched with the intent of using it as evidence in a civil or criminal legal case. eDiscovery can be conducted offline on a particular computer, or it can be performed across a network. Court-ordered or government-sanctioned hacking for the purpose of obtaining critical evidence is also a type of eDiscovery.
The nature of digital data makes it extremely well-suited to investigation. For one thing, digital data can be electronically searched with ease, whereas paper documents must be manually scrutinized. Furthermore, digital data is difficult, if not impossible, to completely destroy, particularly if it gets into a network. That is because the data appears on multiple hard drives and because digital files can be deleted and undeleted. In fact, the only reliable means of destroying data is to physically destroy the hard drive where it is found.
Computer forensics is a specialized form of eDiscovery in which an investigation is carried out on the contents of the hard drive of a specific computer. After physically isolating the computer, investigators forensically image the hard drive(s). The original computer is then preserved in a secure facility to maintain its pristine condition, and all investigation is performed on the digital image.



