Search terms / keywords?

In general, you can use forensics software to search for keywords across an entire device (e.g. a hard drive image) or only in parsed artifacts (e.g. web browser history, "most recent" entries in the Windows registry, etc.). Searching the entire device/drive is useful for finding hits that the program might not otherwise parse. For example, I did a search in a case several years ago and found some hits in a file that was used by Chrome, but it wasn't part of a browser history entry and wasn't parsed by the forensics program I was using at the time.

Searching artifacts helps to identify the ones that are actually relevant. For example, if an employee at your company is suspected of sending confidential material to a competitor via email, you could acquire his email (from the server and/or from his device) and search for keywords related to the competitor and/or to the confidential material. That's much more effective than having to manually sift through all of his email.

A single hit can be meaningful or hundreds of hits can be false positives (keyword matches, but not relevant to your case). It really depends on what you're looking for and where you find it.

The best way to understand would be to try out a tool for yourself. Check out Autopsy, it's free https://www.autopsy.com. There is documentation on the website and you can probably find some videos on YouTube.

Thanks that's a great answer. I imagine putting 'context' to the results can be time consuming?. Would the 'hits' give information such as date, time, whichever user was logged in?. I'll take a look at Autopsy is that the best software for keywords?.

The hits that you get should show the metadata surrounding them (depending on your software). That would give you the dates you seek as well as potential user data.