There are four main types of data extraction used in electronic discovery.

1. Logical Extraction - a computer program is used to extract data from a network or mobile device. The extraction is read only and does not alter data. A forensic tool is connected with a cable to the device.

2. File System (manual) Extraction - an application is used in conjunction with copying data off the file system. Electronic files and hidden files can be accessed.

3. Physical Extraction - an image of a device's memory is performed. Deleted data can also be recovered. Creating a bit-by-bit image is time consuming.

4. Advanced Physical Extraction - forensics tools can be used to recover flash memory. This involves recovering data from memory chips, which must be removed from a device. Advanced Physical Extraction may make it possible to determine what a device was being used for when it was damaged (e.g., ascertaining that a smartphone was being used to send a text message when it was broken in a car accident); or recover data from devices that don't have USB or other data ports.