Forensic Worx – Digital Forensics Services

Our digital forensics services encompass both cellular and computer forensics, including digital fraud investigations, incident response and Anton Piller orders in South Africa. This involves processing, gathering, preserving, scrutinizing, and subsequently presenting evidence related to digital sources. Employing intricate methodologies and cutting-edge software tools, we identify, collect, examine, and securely maintain digital data. Our laboratory services encompass live imaging for device replication, cloning devices, and an array of cyber security solutions. We offer support for device acquisition and investigations, ensuring the retrieval of valuable data.

With the emergence of smartphones and smart devices, investigators and legal professionals encounter a new challenge. The awareness that crucial evidence resides within these devices can be a source of frustration if it cannot be accessed in a legally sound manner. We provide three levels of handset accessibility: logical, physical, and file system extractions. Logical acquisition involves a direct replication of all data on the mobile device, while physical acquisition entails a complete clone of the entire device, including potentially recoverable deleted information. We employ the latest technologies for accessing this data. Similar to many of our forensic services, we offer a portable case file for convenient data analysis and review. We require written consent from the device owner before commencing any work.

In South Africa, incidents of online fraud, supplier fraud, identity theft, and corporate identity theft are witnessing a concerning increase. Major business centers in Cape Town, Pretoria, and Johannesburg are grappling with the presence of organized crime syndicates that have mastered the art of commercial identity theft. Our analysts thoroughly examine the circumstances surrounding any attempted fraud or loss, offering assistance throughout the investigative process. We possess expertise in various areas, including email tracing, cell phone tracking, and, of course, suspect entrapment. Our team is well-acquainted with the various stakeholders in this field and diligently keeps up with the latest trends.

In the domain of network and online security, it becomes imperative to systematically carry out controlled penetration tests to pinpoint vulnerabilities within networks. This endeavor must be undertaken within the context of existing threats, known vulnerabilities, and a current understanding of the ever-evolving cybersecurity landscape. Our Penetration Testing team possesses the capability to perform in-depth network scans and assessments. We deliver comprehensive reports and analyses of our discoveries, complete with recommendations for addressing and remediating the identified vulnerabilities. Much like a security assessment for a home to ensure its maximum safety, penetration testing serves as the electronic equivalent: assessing your own infrastructure by simulating attacks and intrusion attempts to highlight areas of risk, enabling proactive mitigation.

We offer a hardware-based cloning service that includes MD5 hash comparison to guarantee data preservation of all acquisitions. Our stringent procedures include a secure chain of custody, starting from device acquisition, through analysis, and up to the return of assets.

We offer comprehensive drive analysis and artifact recovery as a single service package. By utilizing a physical image of the hard disk drive, we can perform an extensive examination of deleted items and trace data elements on the drive. For hard disk drive analysis, we rely on proprietary tools and industry-standard technologies. While we can provide on-site triage and data acquisition, the data analysis process is most efficiently conducted within our lab, given its time- and resource-intensive nature.

Our Incident Response Team is capable of rapid deployment to your site, working either from your existing incident response plan or, if you don't have one in place, from a tailored plan that our team will craft with you to align with your specific needs. Our Incident Response Team's services encompass a wide range of offerings, including communication packages, data packages, penetration test kits, triage kits, and the ability to seize a substantial number of electronic assets for further analysis. On-site acquisition is typically facilitated through cloning devices, depending on the client's requirements for logical or physical data acquisition. Furthermore, we have the capacity to swiftly clone cellular devices for in-depth analysis. For cellular devices, we favor GMDSoft, and we are also proficient in generating portable case files for convenient off-site analysis. Our Incident Response Team is typically composed of a Team Leader, complemented by specialists who handle equipment acquisition, triage, and, if needed, assist in implementing network lock-downs. Our team possesses extensive expertise, particularly in responding to ransomware and fraud incidents.

We leverage world-leading cryptocurrency investigation toolsets to enhance our capabilities in investigating cryptocurrency transactions, both domestically and internationally. The process of tracing cryptocurrencies and tracking fund movements demands a meticulous investigative approach. The requisite skills extend far beyond a mere understanding of the blockchain and necessitate the use of customized software to delve deeper than what the blockchain itself reveals. Our cryptocurrency investigation services are accessible within South Africa and are extended to clients on a global scale.

TRM Labs provides one cohesive platform to screen, monitor and investigate cryptocurrency wallets, transactions and entities.

Open Source Intelligence (OSINT) entails the systematic gathering of data from publicly available sources, including both databases and openly accessible information. This information is sourced from a variety of places, including public and private databases, the surface web, the deep web, and the dark web.

One of the more intricate tasks frequently delegated to a Digital Forensics team involves the execution of an Anton Piller order. This undertaking demands thorough planning and preparation before implementation to establish a clear understanding of the court’s mandate, the parameters for executing the order, and to ensure the availability of the necessary tools and equipment for the execution.

Anton Piller orders are renowned for their intricacy and associated costs, often initiated through ex-parte motions before the court, to obtain exhibits. These exhibits frequently encompass items such as hard drives, USB devices, and laptops, which is where our expertise comes into play. Our team can swiftly deploy to the designated site with a field acquisition protocol in place, maximizing the data acquisition permitted by the court while meticulously adhering to the appropriate chain of custody procedures throughout the process. This adherence is paramount in such projects, as failure to comply with the correct chain of custody protocols can result in valuable evidence being deemed inadmissible in court due to improper acquisition.

Our acquisition team members are extensively trained to comprehend the forensic protocols we uphold as best practices. They are further supported by a field administrator who ensures that all paperwork is impeccably maintained in every aspect. Furthermore, we offer our expertise to guide and assist in the preparation of an Anton Piller order, ensuring that all potential scenarios, including cloud acquisitions, are comprehensively addressed.