Digital Forensics South Africa

Our digital forensic investigators can help you identify, acquire (extract), preserve, investigate, analyse, interpret, recover, and report on evidence from working and non-working (mechanically failed), deleted, ransomware-infected, and corrupted digital data storage devices, including cloud-hosted locations that may have been used during an incident, to determine and report the who, what, when, where, why, and how of an incident:

  • Who:
    • Who opened, executed, emailed, copied or deleted the data - to whom was the data sent, and who else was involved or had access to the device or data?
  • What:
    • What data was accessed, copied, sent, printed, screen captured, deleted, obfuscated, password protected or encrypted - what applications or devices were used, what programs were installed, deleted or uninstalled, what other data could have been affected, what websites, social media, online communication, forums, file storage sites etc. were visited, what was posted or uploaded, what was the sequence of the events?
  • When:
    • When was the data accessed, copied, sent, printed, screen captured or deleted - when were the applications or devices used, installed, deleted or uninstalled?
  • Where:
    • Where else is the data located? Where was the data sent, uploaded, copied or printed? 
  • Why:
    • Are there any correspondence, metadata or activity logs that could assist in answering this question?
  • How:
    • How was the data accessed or compromised? How did the data get on or off the device, and how did the person communicate with others?

Our digital forensic services include:

  • Blockchain Forensics: Investigating and analysing blockchain transactions, cryptocurrencies, NFTs, and Web3 technologies to uncover illicit activities and trace digital assets.
  • Cell Phone Forensics: Analysis of Android and iOS cellular phones, smartphones, tablets and most other mobile devices and their data.
  • Cloud Forensics: Microsoft 365, Azure, OneDrive, Microsoft Teams, Apple iCloud, Amazon Web Services (AWS), Box.com, Dropbox, Gmail and Yahoo.
  • Computer Forensics: Examination of Windows, Apple Mac and Linux PCs, laptops, servers (RAID, NAS, SAN) and all other computers, devices and their data.
  • Covert Monitoring & Forensics: Discreetly monitoring digital activities and performing forensic analysis to detect and investigate internal threats, fraud, or other misconduct.
  • Cybercrime Investigations: Investigating cybercrimes and related incidents.
  • Database Forensics: Investigating and recovering data from databases like MSSQL and MySQL to identify unauthorised access, data manipulation, or other illicit activities.
  • Drone (UAV) Forensics: Examination of data from Unmanned Aerial Vehicles (UAVs or drones), including flight logs, images, videos, and operational data.
  • Due Diligence Investigations: Conducting investigations to assess risks and potential liabilities. 
  • E-Discovery Support: Providing technical assistance and expertise in the identification, collection, processing, and analysis of electronically stored information (ESI) for legal proceedings.
  • Email Forensics: Extraction, preservation, and analysis of email data from various platforms such as Outlook, Microsoft 365 Email, MS Exchange, Gmail, and Lotus Notes to uncover evidence.
  • Ex-employee Data Acquisitions and departing employee forensics: Securely acquiring and analysing data from devices used by departing employees to identify potential data theft or policy violations.
  • Expert Testimony: Providing expert testimony in legal proceedings.
  • Forensic Data Recovery: Advanced data recovery and data extraction from faulty, failing, encrypted and difficult-to-access storage devices for use in legal cases.
  • Incident Response (IR): Providing rapid and comprehensive services to address and manage the aftermath of cybersecurity incidents, including containment, eradication, and recovery.
  • Independent 3rd Party Data Acquisitions and Investigations: Offering impartial and objective forensic data acquisition and investigation services for legal, corporate, or private matters.
  • Memory Forensics: Analysing volatile memory (RAM) from Windows, Mac, and Linux systems to uncover runtime data, active processes, and evidence of malware or intrusion.
  • On-site, Remote and In-Lab Data Acquisitions: Forensically sound collection of data from almost all digital storage devices, performed at your location, remotely, or in our specialised lab.
  • Ransomware Forensics: Investigating ransomware attacks to identify attack vectors, understand the scope of compromise, and assist in data recovery and perpetrator identification.
  • Remote Forensics: Conducting forensic investigations and data acquisition on systems and devices from a remote location, minimising disruption and response times.

Our digital forensics and incident response (DFIR) investigations generally fall under:

  • Corporate data investigations involving internal unauthorised data access and exfiltration or theft of intellectual property, trade secrets or other sensitive data.
  • External data breach & exfiltration (hacking, ransomware, IP theft, etc.)
  • Fraud, theft, corruption (moonlighting, invoice, stock manipulation, etc.)
  • Threat hunting - Compromised (hacked) and infected device forensics
  • Incident response (DFIR)
  • Business email compromise (BEC)
  • Document, email and media manipulation and tampering
  • Document and media exploitation (Domex)
  • Company policy violations
  • Departing employee investigations
  • Contractual disputes
  • Wrongfully accused investigations

Typical scenarios:

  • A director, manager or other employee or ex-employee:
    • Exfiltrates emails, intellectual property or other confidential information;
    • Gains access to sensitive documents or emails;
    • Deletes intellectual property, important or other confidential information;
    • Sells your products or services on the side;
    • Makes fraudulent payments or other expense claims;
    • Compromises your digital security by visiting harmful websites;
    • Manipulates or otherwise alters digital records;
    • Misuses company assets by storing child pornography, etc. on the servers/computers and deletes the evidence;
    • Hacks user accounts, etc.
  • External cybercrime where a perpetrator:
    • Uses your company identity for nefarious purposes;
    • Gains access to your systems:
      • By performing an SQL, brute-force, DoS or other form of attack;
      • Using identity theft, social engineering, phishing, spoofing or other means.

Contact us now for a free consultation, evaluation and preliminary quotation.

Terms and Conditions Apply