Definition: Digital evidence is electronic information that makes it possible to associate certain data with computers or networks. Internet traffic, for example, can be logged electronically stored so that documentation is available for attribution and analysis. The source and essence of all data transmissions can then be subjected to a detailed analysis.
Logging-in is one such feature but it can be disabled by malicious crackers. Doing so eliminates the foot print of what has passed through the network.
Examining the contents contained on a hard drive or even random access memory can be documented for evidentiary purposes. Your jurisdiction may soon be implementing strong electronic discovery rules.
Some laws (eDiscovery) make it required that companies be able to retrieve digital data for legal proceedings
Its Relevance: Substantiation of digital activity is a major issue when prosecuting individuals who have attacked an information system. Many statutes also require that "what happened" be disclosed to individuals who lose confidential information in your system. Successful prosecution is nearly impossible without a record of what happened. Precise information security policies and procedures, therefore, need to be established.
Information systems should be fashioned to collect documentation so that a comprehensive information security program can effectively function.
Also, organizations must now provide for the retrieval of data which is subpoenaed by the courts. The legal implications for being unable to comply can be significant.