The Differrence Between E-Discovery And Computer Forensics

4 years ago

Key Points:

  • Claims that say they will recover deleted/hidden data will usually refer to computer forensics.
  • E-discovery and computer forensics are two separate fields.
  • E-discovery is more concerned with organizing data, while computer forensics is concerned with producing admissible evidence.
  • Computer forensics often use data carving to recover deleted/hidden records.
  • Electronic discovery and computer forensics often seem synonymous, but do different things.
  • Recovery of electronic data in a civil case may not need the same amount of expertise as a criminal investigation, so different people are needed.
  • Electronically discovery and computer forensics are not the same thing.
  • E-discovery involves the process of sifting through huge amounts of ‘raw’ data to remove duplicates.
  • Computer forensics is a much more complex process which involves highly technical procedures such as ‘data carving’: the act of looking at flags in un-indexed, raw data, to recover a deleted file.
  • Computer forensics involves looking at computers in criminal cases or civil cases in which computer use or misuse is at the core of the activity in question, and would be considered an appropriate tool for use in criminal rather than civil matters.

The Distinction Between E-Discovery And Computer Forensics

When digital data is recovered in a civil case to prove or disprove a matter, it is often referred to as digital e-discovery. When digital data is recovered in a criminal investigation, it is often referred to as computer forensics. These two terms are often interchanged and are not distinctly separate from one another, but there is a distinction between electronic discovery (e-discovery) and computer forensics. Even if the fields do use the same tools and techniques, they do different things.

Computer forensics is a subject that is primarily related to digital investigation and investigation case work, and is usually quite different from e-discovery. While the primary purpose of e-discovery is to organize and provide data requested or needed in civil suits or criminal cases, computer forensics is more concerned with producing admissible evidence. E-discovery and computer forensics are not synonymous terms. Computer forensics is more related to criminal matters, and using highly technical procedures, such as ‘data carving’: the act of looking at flags in un-indexed, raw data, to recover a deleted file.

While a chosen tool may be called ‘e-discovery’, it may also be a type of computer forensics. When a computer seizure is conducted in an investigation, a computer forensics professional is called in to help decrypt the hard drives and produce the information that is considered admissible evidence in a court of law. In regard to computer forensics, computer data can be either a piece of admissible evidence or a body of evidence itself. A good example of admissible evidence as used in a court of law would be an Excel spreadsheet: “an Excel spreadsheet from Plaintiff’s hard drive was recovered with the date and time corresponding to the date and time of the alleged assault.” This may be found as e-discovery, but it is also considered strong admissible evidence. It seems that the terms are used interchangeably, and both would be used in all sorts of different industries, but both have distinct terms for the different types of data recovery. E-discovery is more concerned with organizing data, while computer forensics is concerned with producing admissible evidence. E-discovery and computer forensics often seem synonymous, but do different things.

A reason why there is confusion about the difference between e-discovery and computer forensics is that both involve the process of recovering electronic data. When e-discovery is used in a criminal case or a criminal investigation, the term is being used to describe the organization and retrieval of digital data that is relevantly needed in the investigation. This electronic data may or may not be admissible in a court of law. The point is to produce any electronic data that is relevantly needed. A computer forensics tool can achieve both of these goals, since both involve the process of recovering electronic data. It would be extremely difficult to distinguish between the two if the terms are used interchangeably, but these are different fields that work with each other.

E-discovery and computer forensics often seem synonymous, but do different things. Depending on what a company wants to achieve, they may need to use different people. If recovery of electronic data in a civil case may not need the same amount of expertise as a criminal investigation, so different people are needed. It can be possible to achieve both e-discovery and computer forensics tasks with the same entity, but there is such a big difference in the processes that using e-discovery to achieve a computer forensics goal may not give an efficient outcome.

What is E-Discovery?

E-Discovery is the process of identifying, collecting, preserving, storing, reviewing, producing, and managing electronically stored information (ESI) in compliance with legal, regulatory, and business requirements. Electronic discovery is a part of a larger process known as E-discovery, which also encompasses other aspects including data processing and indexing. E-discovery is “the discovery of electronically stored information in any format from a computer-based electronic discovery system.” Electronic discovery may be used to find information vital to a court case. E-discovery provides the technology to find, organize, and store the data that the parties involved in the case need.

What is Computer Forensics?

Computer forensics is a branch of forensic science that investigates the use of digital information in computer-presented crime. Two major areas that computer forensics focuses on are cybercrimes and the use of computers in courts of law. Computer forensics is the use of technical approaches to computer systems to gather, validate, verify, and present evidence in a court of law. Digital evidence refers to any electronically stored information (ESI). Computer forensics is used to gather digital evidence in courts of law.

Electronic discovery and computer forensics often seem synonymous, but do different things. To get the correct information in a court of law, computer forensics is a good tool to have. Since computer forensics is a very specific field that relates to data recovery for the purpose of criminal investigation, the types of data recovery sought are not the same. In a civil case, the parties involved often do not need the level of tools and techniques to find large amounts of relevant data that would be used in a criminal investigation.

Leave a Reply

Your email address will not be published.