Can be contact information, evidence of malicious attacks on systems, GPS location and movement records, transmission records - both authorized and non-authorized, system use or abuse, account production and use, correspondence records and content like images and files.