  • “We had one of our employees steal data from the company and give it to one of our competitors...”
  • “Someone has falsely accused me and my business of all kinds of illicit acts, damaging the company’s reputation and I want to know who was behind the profile to pursue legal action...”
  • “Someone in our company deliberately deleted sensitive data, and we needed to identify what was deleted, when and by whom...”
  • “Our systems administrator used the datacenter servers to mine cryptocurrency over a period of several months, and we needed to have his devices investigated to pursue legal action...”
  • “An employee leaked a confidential recording of one of our shareholder meetings causing a public relations disaster...”

Digital Forensic Investigations South Africa

Our digital forensics and incident response (DFIR) investigations generally fall under:

  • Internal data exfiltration (Intellectual property theft etc.)
  • External data breach & exfiltration (hacking, ransomware, IP theft, etc.)
  • Fraud (Moonlighting, invoice, stock manipulation, etc.)
  • Corruption
  • Company policy violation
  • Departing employee investigation

Typical scenarios:

  • An employee or ex-employee:
    • exfiltrates emails, intellectual property or other confidential information;
    • deletes intellectual property or other important or confidential information;
    • sells your products or services on the side;
    • makes fraudulent payments or other expense claims;
    • compromises your digital security by visiting harmful websites;
    • manipulates or otherwise alters digital records;
    • misuses company assets by storing child pornography etc. on the servers/computers and deletes the evidence;
    • hacks user accounts etc.
  • External cybercrime where a perpetrator:
    • uses your company identity for nefarious purposes;
    • gains access to your systems:
      • by performing an SQL injection, brute-force, DoS or other form of attack;
      • by using identity theft, social engineering, phishing, spoofing or other means.

What can you expect from a digital forensic investigation?

We can help you recover, extract, investigate and analyse evidence from working and non-working (mechanically failed), deleted and corrupted digital data storage devices, including cloud-hosted locations that may have been used during an incident, to determine and report the who, what, when, where, why and how of an incident, for example:

  • Who was using the device?
    • Who opened, executed, emailed, copied or deleted the data? To whom was the data sent, and who else was involved or had access to the device or data?
  • What happened?
    • What data was accessed, copied, sent, printed, screen captured, deleted, obfuscated, password protected or encrypted? What applications or devices were used? What programs were installed, deleted or uninstalled? What other data could have been affected? What websites, social media, online communication, forums, file storage sites etc. were visited? What was posted or uploaded? What was the sequence of events?
  • When did this happen?
    • When was the data accessed, copied, sent, printed, screen captured or deleted? When were the applications or devices used, installed, deleted or uninstalled?
  • Where did this take place?
    • Where else is the data located? Where was the data sent, uploaded, copied or printed to? 
  • Why did it happen?
    • Is there any correspondence, metadata or activity log that could assist in answering this question?
  • How was it done?
    • How was the data accessed or compromised? How did the data get on or off the device? How did the person communicate with other people?

Our field of expertise includes:

  • Onsite, remote and in-lab data acquisition from almost all types of digital storage devices, including forensic acquisitions as an independent third party.
  • Forensic data extraction from faulty, encrypted and difficult-to-access storage devices.
  • Computer Forensics (Windows, Mac, Linux etc.)
  • Network Forensics.
  • Mobile Device Forensics (Android and iOS devices - cellular phones, smartphones, tablets, GPS devices, Kindle, media devices, SIM cards etc.).
  • Email Forensics (MS Exchange, Outlook, G Suite, Gmail, Office 365, Lotus Notes etc.).
  • Cloud Forensics (Apple, Amazon Web Services (AWS), Box.com, Dropbox, Facebook, Instagram, Lyft, Mega, Twitter, Uber, WhatsApp, G Suite, Gmail, Microsoft Azure, Office 365, Office 365 SharePoint, OneDrive, Microsoft Teams, Slack, Snapchat and Yahoo). Admin or user credentials are required, depending on the service.
  • Drone Forensics.
  • IoT Forensics.
  • Memory Forensics (Windows, Mac, Linux).
  • Database Forensics (MSSQL, MySQL etc.).

What is a departing employee investigation?

This is a condensed forensic investigation of personal computers (PCs) and laptops, with the data captured remotely, to determine:

  • What files were downloaded and accessed?
  • What cloud services were accessed?
  • What is the internet history (searches and websites visited)?
  • What unauthorised programs were loaded?

What is a departing employee investigation not?

  • It is not a full forensic investigation with a detailed forensic report.
  • It does not include:
    • Recovery of deleted data, decrypting files and password recovery.
    • A full forensic image of the data storage device.
    • Data extraction and investigation from mobile devices.
