E-Discovery (or electronic discovery) is the process of collecting, analyzing and organizing any information that is in an electronic format. This electronically stored information will have metadata associated with it. (Metadata is the information about the data, such as who modified it last, when, how large it is, etc.) Sometimes the metadata is just as important as the actual document, so in the e-discovery process, it is very crucial to avoid damaging or changing the metadata.
E-discovery can branch into computer forensics. Computer forensics is a field in forensic science relating to legal evidence found in electronic documents, computers and other digital storage mediums (cell phones, security systems, etc.). Organizations have many reasons to begin an e-discovery or computer forensics effort:
To provide IT support in a legal case.
To recover data after a hardware or software failure.
To investigate the impact of a Trojan, virus or other malware event.
To understand what a hacker may have done or seen.
To build a case against an employee that may be let go.
To aid in reverse engineering or debugging.