On a weekend afternoon, two people dressed as repairmen entered the
closed offices of a luxury-goods retailer. Working quickly with a
digital camera, they photographed the tops of the desks belonging to
three employees.

Then they copied the hard drive on each worker's PC. Using the digital
photos as a guide, the pair made sure they hadn't disturbed anything on
the desks. Mission accomplished, they hurried back to Deloitte
& Touche's New York forensics lab.

A scene in an upcoming James Bond movie? Hardly. The retailer had hired
the two experts to search the computers of three employees suspected of
stealing corporate secrets and client information and feeding it to a
departed executive.

With just 20 key words supplied by the retailer, the technicians
recovered plenty of smoking guns. Deleted e-mails and America Online
instant messages confirmed the company's suspicions.

By tracing the employees' movements through the company computer
network, the experts also showed that the suspects had sent
confidential information to the former executive using an AOL account.
Civil litigation over the theft is pending.

Corporate investigations used to mean following a paper trail, but
these days many follow an electronic one. Increasing demand for the
skill and technology necessary to unearth digital secrets has led to
the birth of a small but growing industry: computer forensics.

Computer-forensics experts, who often have a background in law
enforcement, computer technology or both, can determine the last time a
computer was turned on, and when a document was created, reworked and
printed. They can dig up e-mail and documents that seemingly have been
deleted, determine what Web sites were visited and which key words were
used to get there.

While some skilled computer-room techies may be able to perform similar
tasks, the computer-forensics experts bring an added benefit: They are
outsiders. That may make them more credible in the eyes of a judge or
jury.

"If you do the work in-house, you have a vested interest in the
evidence you find," says Bob Gomes, president of RenewData, an Austin,
Texas, forensics firm with 30 employees. "How does a court know it
wasn't altered? A good opposing counsel will do a lot with that."

Also, since they are trained in legal technicalities, the forensics
experts are more adept at maintaining proof of the evidence's chain of
custody and documenting when, how and by whom the evidence was gathered
and analyzed. Such factors are crucial to ensuring the evidence will be
admitted in court.

As electronic evidence continues to take a more prominent role in
litigation, computer-forensic firms are expanding. The industry is made
up mainly of players from three areas: accounting-forensic units of big
accounting firms, data-recovery and computer-repair specialists, and
litigation-support services.

"Within three years, I'm sure almost all evidence collected in
discovery will be electronic-based," says Joan Feldman, president of
Computer Forensics Inc. of Seattle. "We're now staffed seven days a
week, 18 hours a day just to keep up with our clients' court
schedules." Her company, which she founded nine years ago, now has two
offices and 11 employees.

Deloitte & Touche LLP went into the computer-forensics business
five years ago and operates eight labs, employing 100 specialists in
the U.S. Clients include financial-services and technology firms,
retailers and government agencies.

"People say things in e-mail they'd otherwise never write, and probably
never say," says Simon Platt, who oversees the accounting firm's
national forensics unit. "And once it's written, copies can be found
everywhere."

Mr. Platt attributes the industry's growth to the recent awareness by
courts and law-enforcement officials of the importance of electronic
documents. He points to New York Attorney General Eliot Spitzer's
investigation of former Salomon Smith Barney analyst Jack Grubman,
which heavily relied on e-mails.

None of this expertise comes cheap. Most firms charge $250 to $500 an
hour, depending on the tasks' complexity and volume of records
examined. Flat fees are often negotiated for long-term projects.

Computer-forensics work usually begins with an expert making bit-by-bit
duplicates of the digital stuff on a hard drive (analysis is conducted
on copies so that original evidence isn't disrupted).

Experts sometimes can replicate an employee's hard drive just by
plugging into a company's network, and can even track an employee's
online movements as he or she makes them.

Verifying the authenticity of electronic evidence is usually the next
step. Experts are often called to testify in court about the methods
used to retrieve information. Such proof is important in defending
against tampering accusations, which often arise in cases involving
electronic records.
A case involving a large defense contractor in the Washington, D.C.,
area is typical. In November, the company contacted RenewData. The
defense company had just fired an employee and had reason to believe
that after the termination he copied some sensitive files from his
workstation and two servers to floppy disks, and then deleted them. The
company didn't know what the employee had taken nor what he had
deleted.

RenewData technicians told the company to stop using the computer and
two servers that held the network files. Then, a forensic expert flew
to Washington to take forensic images of each of the drives involved.
Back in the lab in Austin, technicians were able to retrieve logs that
documented the employee in question deleting files. They also were able
to restore the deleted files. The former employee, when faced with this
evidence, admitted his guilt and reached a settlement with the company
out of court.

"We see a lot of cases like this," says Mr. Gomes, the RenewData
president. "When people are faced with such incriminating electronic
evidence, usually they settle very quickly."

What can make electronic evidence potent is that it is sometimes the
only proof of wrongdoing. In 2000, the National Oceanic and Atmospheric
Administration, a federal agency, suspected that a Russian ship fishing
in Russian waters was exceeding international crab-fishing quotas and
violating the Lacey Act, which prohibits illegal movement of natural
resources into the U.S. The crabs were being sold in the U.S. using
falsified customs declarations, officials believed.

Search warrant in hand, NOAA officers brought technicians from a
computer-forensics firm aboard the vessel to make a replica of the
ship's computer systems. Analysis of the vessel's global-positioning
system and electronic logs determined the ship's exact location on
specific dates, its speed through certain depths, activity of its nets
and the volume of crab brought aboard. Recovered communication between
the ship and the company that owned it revealed that management knew of
the ship's activity.

Based on this, agents were able to piece together evidence that the
agency says shows the crew and its owners had broken the law. The head
of the fishing company is facing criminal charges in Russia and may be
prosecuted in the U.S. as well.

"In this case we didn't have Coast Guard photos; we had to rely
strictly on electronic data," says Brad Vinish, an NOAA deputy special
agent in charge. "This ability has revolutionized how we're doing some
investigations."

Write to Ellen Byron at ellen.byron@wsj.com