E-discovery is something I have heard a lot about, but have not really given serious thought. I mean, “electronic discovery” sounds like just another term for digital forensics or cyber investigation. Is it all the same? First, an extended quote from the lecture on this:

“Electronic discovery (also called e-discovery or eDiscovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. E-discovery can be carried out offline on a particular computer or it can be done in a network. Court-ordered or government sanctioned hacking for the purpose of obtaining critical evidence is also a type of e-discovery.” (Accessed: April 2018, Source: https://www.bcs.org/content/ConWebDoc/20359)

By that description, it can be considered the core essence of digital forensics. But the way I see the difference, it is more focused on organisations, and on putting practices in place early (like policies and logs) so that information can be obtained later if an event occurs.

Another important distinction, and probably the biggest one, is that whilst computer forensics typically investigates devices and information stored on concrete hardware, e-discovery aims at collecting large amounts of data from multiple people, possibly from a network or similar data pools. Using Big Data might also be considered e-discovery.