Digital Forensics South Africa

Our team of digital forensic investigators can help you identify, acquire (extract), preserve, investigate, analyse, interpret, recover, and report on evidence from working and non-working (mechanically failed), deleted, ransomware-infected, and corrupted digital data storage devices, including cloud-hosted locations that may have been used during an incident, to determine and report the who, what, when, where, why, and how of an incident:-

• Who:
  • Who opened, executed, emailed, copied or deleted the data - to whom was the data sent, and who else was involved or had access to the device or data?
• What:
  • What data was accessed, copied, sent, printed, screen captured, deleted, obfuscated, password protected or encrypted - what applications or devices were used, what programs were installed, deleted or uninstalled, what other data could have been affected, what websites, social media, online communication, forums, file storage sites etc. were visited, what was posted or uploaded, what was the sequence of the events?
• When:
  • When was the data accessed, copied, sent, printed, screen captured or deleted - when were the applications or devices used, installed, deleted or uninstalled?
• Where:
  • Where else is the data located? Where was the data sent, uploaded, copied or printed? 
• Why:
  • Are there any correspondence, metadata or activity logs that could assist in answering this question?
• How:
  • How was the data accessed or compromised? How did the data get on or off the device, and how did the person communicate with others?

Our digital forensic services include:

• Computer Forensics: Examination of PCs, laptops, servers (RAID, NAS, SAN) and all other computers and devices and their data. 
• Cell Phone Forensics: Analysis of mobile devices and their data. 
• Cloud Forensics: Examination of data stored in the cloud. 
• Data Recovery: Recovering data from damaged or deleted storage devices. 
• Cybercrime Investigations: Investigating cybercrimes and related incidents. 
• Due Diligence Investigations: Conducting investigations to assess risks and potential liabilities. 
• Expert Testimony: Providing expert testimony in legal proceedings. 

Our digital forensics and incident response (DFIR) investigations generally fall under:

• Corporate data investigations involving internal unauthorised data access and exfiltration (Intellectual property sensitive data theft etc.)
• External data breach & exfiltration (hacking, ransomware, IP theft, etc.)
• Fraud, theft, corruption (moonlighting, invoice, stock manipulation, etc.)
• Threat hunting - Compromised (hacked) and infected device forensics
• Incident response (DFIR)
• Business email compromise (BEC)
• Document, email and media manipulation and tampering
• Document and media exploitation (Domex)
• Company policy violations
• Departing employee investigations
• Wrongfully accused investigations

Typical scenarios:

• An employee or ex-employee:
  • exfiltrate emails, intellectual property or other confidential information;
  • Gains access to sensitive documents or emails;
  • deletes intellectual property, important or other confidential information;
  • sells your products or services on the side;
  • makes fraudulent payments or other expense claims;
  • compromises your digital security by visiting harmful websites;
  • manipulates or otherwise alters digital records;
  • misuses company assets by storing child pornography etc., on the servers/computers and deletes the evidence;
  • hack user accounts etc.
•  External cybercrime where a perpetrator:
  • Uses your company identity for nefarious purposes;
  • Gains access to your systems:
    • by performing an SQL, brute force, DOS or other forms of attack;
    • using identity theft, social engineering, phishing, spoofing or other means.

Our field of expertise includes:

• Windows OS, Apple Mac and Linux Forensics
• Mobile Device Forensics (Android and IOS devices - cellular phones, smartphones, tablets, GPS devices, Kindle, Media devices, SIM cards etc.)
• Blockchain Forensics (Cryptocurrencies, NFTs and Web3)
• Microsoft 365 and Azure
• Incident response (IR)
• Ransomware Forensics
• Onsite, remote and in-lab data acquisition from almost all digital storage devices, including forensic acquisitions as an
• Independent 3rd party data acquisitions
• e-Discovery Support
• Forensic data recovery - data extraction from faulty, encrypted and difficult-to-access storage devices
• Remote Digital Forensics
• Covert Monitoring & Forensics
• Ex-Employee Data Acquisition
• Departing Employee Forensics
• Network Forensics
• Email Forensics (MS Exchange, Outlook, Gsuite, Gmail, Office 365, Lotus notes etc.)
• Cloud Forensics (Apple, Amazon Web Services (AWS), Box.com, Dropbox, Facebook, Instagram, Lyft, Mega, Twitter, Uber, WhatsApp, G Suite, Gmail, Microsoft Azure, Office 365, Office 365 Sharepoint, OneDrive, Microsoft Teams, Slack, Snapchat and Yahoo) - * Require admin or user credentials depending on the service
• Drone (UAV) Forensics
• Memory Forensics (Windows, Mac, Linux)
• Email Forensics (Outlook, Microsoft 365 Email, G Suite, MS Exchange, Gmail, Lotus Notes etc.)
• Database Forensics (MSSQl, MYSQL etc.)

Related Services:

• Blockchain Forensics
• Data Recovery
• CCTV Recovery
• Cell Phone Forensics
• e-Discovery Support & Consulting
• Email Forensics
• Ex-Employee Data Capture and Analysis
• Forensic Data Recovery
• Remote Digital Forensics

See Also:

• What's the difference between Data Recovery and Digital Forensics and Forensic Data Recovery?
• MIME header analysis in email forensics
• Navigating corporate treachery
• A Summary of our digital forensic services