Digital Forensics Services

SERVICES

Digital forensics, which includes both cellular forensics and computer forensics (this includes CFE, digital fraud investigations and service of summons in South Africa) is the service of collecting, preserving, analysing and then presenting digital-related evidence. We use complex techniques and state-of-the-art software to identify, collect the evidence, examine what we find and then preserve all the data.Our lab services include Device Cloning using FTK for live imaging, uReach cloning devices and a variety of triage products. We support Cellebrite and Magenet Axiom for device acquisition and deep-searching to get the maximum available data.

Our digital forensics services as well as our cellular forensics services are generally designed around the needs of attorneys, investigators and forensics audits, but we also cover a wider scope. Do not hesitate to contact us if you wish to have a confidential discussion around your particular requirements.

We generally work directly for private investigators, polygraph examiners, attorneys and similar parties although we can accept a direct brief from a corporate entity that requires our services. We are able to assist bona fide law enforcement agencies with the procurement of forensic software and hardware once credentials have been verified.We are based in Cape Town and Pretoria in South Africa with reach to the coastal areas of Durban and PE through our network of associates.

Please see below some of the digital forensic services and cellular forensics services we provide, in Cape Town and nationally.

tcg digital forensics computer forensics fraud investigations south africa

Business Continuity Planning

Business continuity planning, while not specifically a forensic service, relies heavily on the abilities of a response team and forensic specialists following an incident.

As such, we have a wealth of experience to bring to the table when drafting and reviewing your BCP. We offer valuable insight into an array of options that may be of vital assistance in returning your operations to a stable platform post-crisis. We invite contact in this regard to discuss how we may be of service to you. Please note that this service is available in Cape Town and Pretoria and elsewhere by prior arrangement.

tcg digital forensics computer forensics fraud investigations south africa cellular phone analysis

Cellular Phone Analysis

With the advent of smart phones, investigators and attorneys have been faced with a new challenge. The knowledge that critical evidence exists and rests within that handset is a cause of frustration if one cannot access it in a forensically sound manner.

We offer two levels of accessibility to handsets, namely logical and physical acquisition. Logical being a direct clone of all the data on the cellular handset and physical being a complete clone of the entire device including deleted information that may still be accessible. We use the very latest technologies for accessing the above and for more complicated matters we are able to offer JTAG and Chip-Off services. As with most of our forensic services, we are able to offer a portable case file so that the data can be analysed at your convenience. We do offer an analysis and linking service should you require. Please note that while we do offer these services directly at our Cape Town and Pretoria offices, however these can be time consuming in terms of the size and complexity of the handset and as such run a standard 72 hour lead time on cellular forensics. Equally we must be explicit – we will not recover your wife’s / husband’s / girlfriend’s or boyfriend’s WhatsApp’s, locate their phone in the dead of night or recover images from their handsets. We require written consent of the owner of the device before work commences and we do not accept any matrimonial work unless directed to us through an attorney.

tcg digital forensics computer forensics fraud investigations south africa phone debugging

Cellular Phone Debugging

So, you’re worried that your phone has been hacked and cyber criminals are potentially spying. YES – it is possible for them to access your private information such as your online banking and social media account and pass it along to fraudsters.

In most spyware or malware cases, you will not notice your device is infected because it will be operating silently in the background, is barely noticeable and can disguise itself as an authentic application.

Here are some signs that could indicate an infection…

  • Frequent pop-up adverts
  • Fast battery drain
  • Random shutting down
  • Strange messages
  • Performance problems
  • Fast data usage
  • Crashing apps

Remove all traces of any spyware or malware from your cell phone with our affordable, effective cellphone debugging services. Here’s what we offer:

Walk-in: The cell phone must be brought into one of our offices in either Cape Town or Pretoria. Please note you MUST book 24 hours in advance - we cannot perform a scan without a booking. (This will take about one hour depending on the size of your cell phone's memory.)

Couriered: We will collect your cell phone by courier, ship it to our Cape Town or Pretoria office, check it and debug it if need be, and then send the report and the phone back to you. (This will take about four business days depending on the size of your cell phone's memory.)

tcg digital forensics computer forensics fraud investigations south africa certified fraud examiner

Certified Fraud Examiner Services

A CFE (Certified Fraud Examiner) is an individual with a range of skills that is not often found in any other career field. CFEs combine an extensive knowledge of financial transactions with an understanding of investigations and law to settle fraud claims.

A CFE offers a unique set of expertise in detecting, preventing and then investigating fraud – allowing your business to uncover fraud sooner and avoid losses that can negatively affect your organization. No organisation is completely safe from fraud and the damage that it can cause. From large corporations to small family-run businesses, fraud is often inescapable, resulting in a devastating outcome. Our CFEs in South Africa can protect you, your organisation and strengthen your overall anti-fraud efforts. We offer a range of digital forensics services including CFE in South Africa which can protect you, your organisation and strengthen your overall anti-fraud efforts. Are you looking for a CFE (Certified Fraud Examiner) in South Africa to conduct digital fraud investigations? Feel free to contact us if you wish to discuss your specific requirements.

tcg digital forensics computer forensics fraud investigations south africa cyber investigations

Cyber Investigations

Online Fraud, supplier fraud, identity theft and corporate identity theft are on the rise in South Africa. Business hubs such as Cape Town, Pretoria and Johannesburg are awash with crime syndicates who have perfected the art of commercial identity theft.

Our internal analysts will review the circumstances of any attempt or loss and assist with the investigative process. We have abilities within the areas of e-mail tracing, cellular phone tracing and, of course, suspect baiting. Our teams are familiar with the different role players in this market and are constantly staying abreast of the latest trends. We invite you to join our newsletter to stay abreast of the latest trends in online fraud and scams. Forewarned will always be forearmed. Again, we are privileged to have a qualified psychologist on hand with experience in cyber security that is able to guide and advise us in building a suspect profile when required.

tcg digital forensics computer forensics fraud investigations south africa cyber pen testing

Cyber Penetration Testing

Within the realm of network and online security it is often necessary to conduct penetration tests in a controlled manner to highlight network vulnerabilities.

This obviously has to be conducted in the context of existing threats and known vulnerabilities as well as up-to-date insight into how the cyber security field is growing and changing. Our Pen Test team is able to conduct deep scans of your network using a deployed agent and remote access as well as conducting testing on the physical layer. We provide comprehensive reporting and analysis of our findings complete with recommendations for remediation of the highlighted vulnerabilities. Much as one would conduct a security review of a home to ensure that it’s as safe as it can reasonably be, our specialists take an outside-in approach. Penetration testing is the electronic equivalent of breaking into your own building to highlight the risk areas so that these can be addressed.

tcg digital forensics computer forensics fraud investigations south africa device acquisition

Device Acquisition

As such we provide a hardware based cloning service which incorporates MD5 hash comparison to ensure that we have a 100% image of the source drive.

Our Cape Town and Pretoria offices are suitably equipped to provide this as an in-house or on-site service subject to availability. This service is generally a component of our Incident Response Service (hyperlink to page) however it can be used independently should you so require.

tcg digital forensics computer forensics fraud investigations south africa due diligence

Due Diligence Investigations

We offer a digital due diligence service and work in conjunction with seasoned commercial investigators and private investigators as required to build a comprehensive picture of companies and individuals.

Our services include reputational management, digital tracing, company ownerships, lifestyle analysis and cross linking. Should you require our services in this regard, we invite you to make contact with us directly to set up an appointment at our Cape Town or Pretoria offices, alternatively to engage in a skype or telephone conversation around your direct needs. We engage with local and international companies to perform due diligence reports on a retainer basis as well as ad-hoc. Reputational management services are by retainer or via our Incident Response Team Services (hyperlink to that page).

tcg digital forensics computer forensics fraud investigations south africa hacking recovery

Hacking Recovery

Hacking is a reality of online connectivity. In a marketplace where businesses are heavily dependent on online access to data as well as services to conduct business.

Our Incident Response Team is generally the first step in recovering from a systems breach. While most companies have in-house and contracted skills to manage and administer their network, it’s not uncommon that outside specialist skills are needed to recover from a serious breach. Our team are spread between Cape Town, Pretoria, London and Sofia and largely work via remote connection. This enables us to function 24 hours a day if required to restore network integrity. A key component of this service is the ability to gain rapid insight into the structure of the network, analyse any malware that is located and develop pattern matching of the attacker. We are one of a handful of companies worldwide who have an on-call psychologist with a solid IT Security foundation to guide us in profiling an attacker, understanding their patterns and, of course, their motivation. Coupled with the appropriate skillsets, this enables us to predict the next course of the threat and counter it appropriately. Our strategic partnership with Data Keepers (hyperlink) means that we are able to offer a broad range of disaster recovery options in the server-on-demand area. Cloud Based services are an integral part of the modern Disaster Recovery Plan where otherwise costly replacement servers can be used on a scalable basis to restore network access rapidly and reliably.

tcg digital forensics computer forensics fraud investigations south africa hard disk drive analysis

Hard Disk Drive Analysis

We offer detailed drive analysis and recovery of artefacts all in one. Using a physical image of the hard disk drive, we are able to provide a deep scan of deleted items and trace elements from a hard disk drive.

We use world leader Magnet Axiom for hard disk drive analysis along with a handful of proprietary tools and industry accepted technologies. While we are able to offer on-site triage and acquisition, data analysis is best done within our lab as it is a time consuming and resource intensive operation. We run the latest i7 processing units to minimise analysis time and deliver fast results in the form of a portable case file that you may interrogate at your convenience. We follow a full secure chain of custody from device acquisition through to analysis and return of exhibits. Our lab facility is based in Cape Town and available for quantified inspection should this be required. In the normal course of business our lab has been inspected by various official agencies and corporate entities for compliance.

tcg digital forensics computer forensics fraud investigations south africa image enhancement

Image Enhancement

While we would dearly love to provide a “CSI” type service where the smallest reflection in someone’s sunglasses reveals a crystal clear image of a suspect – this is limited to what we term “the elusive Hollywood” computer system.

We will gladly review your image(s) at our Cape Town or Pretoria offices and offer you a no-charge assessment of how much adaptive work can be done with the images you have available. From that point we will be able to offer an estimate of costs.

tcg digital forensics computer forensics fraud investigations south africa incident response team

Incident Response Team

Our IRT is able to deploy to your site quickly based on your incident response plan or, of course, our incident manager will work with you to create a plan based on your specific requirements if you do not have one.

Our IRT services include communications packages, data packages, penetration test kits, triage kits and the ability to seize a large number of electronic assets for analysis. On-site acquisition is typically via UR each cloning devices depending on the clients requirements for either a logical or physical acquisition.

We are equally able to clone cellular devices on the fly for detailed analysis. For cellular devices we favour world leaders Cellebrite or Magnet. While deep diving of data (analysis) is capably handled by Magnet Axiom. We are able to generate portable case files for your convenience and off-site analysis.

Our Incident Response Team is typically comprised of a Team Leader, and then augmented by specialists who will acquire identified equipment, perform triage and if necessary assist with network lockdowns. Our Cape Town team has a wide area of expertise including ransomware and fraud response.

While our core Incident Response Teams are based in Cape Town and Pretoria, we are none the less able to mobilise skills to most countries on the African continent.

Our IRT has been deployed on average twice a month over the past year around the country to assist companies that have been affected by ransomware, subject to internal fraud, online fraud or have been compromised internally by syndicates.

In the background, our IRT is supported by a dedicated service desk that conducts active research while the team is on the ground, ensuing that information is current and accessible at all times.

tcg digital forensics computer forensics fraud investigations south africa service of summons

Service of Summons

As a value added service to our clients abroad, we are offering a summons processing/service in South Africa.

We are able to affect the service of legal processing/summons in the following areas in South Africa:

In most spyware or malware cases, you will not notice your device is infected because it will be operating silently in the background, is barely noticeable and can disguise itself as an authentic application.

  • Cape Town
  • Durban
  • Johannesburg

Please note that we may be available to offer our services to clients in other, additional areas on request. Service is executed by experienced process servers with supporting statements issued and commissioned to that effect. Generally we offer summons processing/services around the needs of attorneys, investigators and forensics audits, but we also cover a wider scope.

For additional information or discussions around the serving of legal process/summons in South Africa as well as additional areas, please do not hesitate to make contact with us directly on 021 110 0422 | 087 001 0523 or email us

tcg digital forensics computer forensics fraud investigations south africa testimony

Testimony

Our analysts are able to assist with expert testimony as and where required within our field of expertise.

Please do not hesitate to contact us if we may be of service in this regard.

OSINT-Digital Forensics-The Computer Guyz-Cellular Forensics-Computer Forensics-Fraud Investigations-South Africa-Services-Icon-Reverse-16.svg

OSINT(Open-source intelligence)

Open Source Intelligence refers to the use of publicly accessible information as well as databases to collect information in a structured manner. Information is gained from Public and Private Databases, the surface web, the deep web and the dark web