Practice Areas
Why You Need the Top Digital Forensics Experts
Digital forensics, which includes both cellular forensics and computer forensics (this includes CFE, digital fraud investigations and service of summons in South Africa) is the service of collecting, preserving, analysing and then presenting digital-related evidence. We use complex techniques and state-of-the-art software to identify, collect the evidence, examine what we find and then preserve all the data. Our lab services include Device Cloning using FTK for live imaging, uReach cloning devices and a variety of triage products. We support Cellebrite and Magnet Axiom for device acquisition and deep-searching to get the maximum available data.
Our digital forensics services as well as our cellular forensics services are generally designed around the needs of attorneys, investigators and forensics audits, but we also cover a wider scope. Do not hesitate to contact us if you wish to have a confidential discussion around your particular requirements.
We generally work directly for private investigators, polygraph examiners, attorneys and similar parties although we can accept a direct brief from a corporate entity that requires our services. We are able to assist bona fide law enforcement agencies with the procurement of forensic software and hardware once credentials have been verified. We are based in Cape Town and Pretoria in South Africa with reach to the coastal areas of Durban and PE through our network of associates.
Please see below some of the digital forensic services and cellular forensics services we provide, in Cape Town and nationally.
What We Are Proficient In
Our Forensic Practice Areas
Digital (Computer Forensics) is a rapidly growing field in South Africa. With new startups venturing into the market all the time, it’s important to ensure that you’re always dealing with a reputable business that is well established and has the right credentials.
What we refer to as Digital Forensics. We have a full lab facility including best of breed software such as Magnet Axiom to ensure that we deliver time after time with the most presentable, user friendly results to our lab processes. We follow international standards to assure our clients of best practices and best results. Our lab facility is open to inspection on qualified request and only by appointment.
With the advent of smart phones, investigators and attorneys have been faced with a new challenge. The knowledge that critical evidence exists and rests within that handset is a cause of frustration if one cannot access it in a forensically sound manner.
We offer two levels of accessibility to handsets, namely logical and physical acquisition. Logical being a direct clone of all the data on the cellular handset and physical being a complete clone of the entire device including deleted information that may still be accessible. We use the very latest technologies for accessing the above and for more complicated matters we are able to offer JTAG and Chip-Off services. As with most of our forensic services, we are able to offer a portable case file so that the data can be analysed at your convenience.
We do offer an analysis and linking service should you require. Please note that while we do offer these services directly at our Cape Town and Pretoria offices, these can be time consuming depending on the size and complexity of the handset and as such run a standard 72 hour lead time on cellular forensics. Equally we must be explicit – we will not recover your wife’s / husband’s / girlfriend’s or boyfriend’s WhatsApps, locate their phone in the dead of night or recover images from their handsets. We require written consent of the owner of the device before work commences and we do not accept any matrimonial work unless directed to us through an attorney.
So, you’re worried that your phone has been hacked and cyber criminals are potentially spying. YES – it is possible for them to access your private information such as your online banking and social media account and pass it along to fraudsters.
In most spyware or malware cases, you will not notice your device is infected because it will be operating silently in the background, is barely noticeable and can disguise itself as an authentic application.
Here are some signs that could indicate an infection…
- Frequent pop-up adverts
- Fast battery drain
- Random shutting down
- Strange messages
- Performance problems
- Fast data usage
- Crashing apps
Remove all traces of any spyware or malware from your cell phone with our affordable, effective cellphone debugging services. Here’s what we offer:
Walk-in: The cell phone must be brought into one of our offices in either Cape Town or Pretoria. Please note you MUST book 24 hours in advance – we cannot perform a scan without a booking. (This will take about one hour depending on the size of your cell phone’s memory.)
Couriered: We will collect your cell phone by courier, ship it to our Cape Town or Pretoria office, check it and debug it if need be, and then send the report and the phone back to you. (This will take about four business days depending on the size of your cell phone’s memory.)
A CFE (Certified Fraud Examiner) is an individual with a range of skills that is not often found in any other career field. CFEs combine an extensive knowledge of financial transactions with an understanding of investigations and law to settle fraud claims.
A CFE offers a unique set of expertise in detecting, preventing and then investigating fraud – allowing your business to uncover fraud sooner and avoid losses that can negatively affect your organisation. No organisation is completely safe from fraud and the damage that it can cause. From large corporations to small family-run businesses, fraud is often inescapable, resulting in a devastating outcome. Our CFEs in South Africa can protect you, your organisation and strengthen your overall anti-fraud efforts. We offer a range of digital forensics services including CFE in South Africa which can protect you, your organisation and strengthen your overall anti-fraud efforts. Are you looking for a CFE (Certified Fraud Examiner) in South Africa to conduct digital fraud investigations? Feel free to contact us if you wish to discuss your specific requirements.
Online Fraud, supplier fraud, identity theft and corporate identity theft are on the rise in South Africa. Business hubs such as Cape Town, Pretoria and Johannesburg are awash with crime syndicates who have perfected the art of commercial identity theft.
Our internal analysts will review the circumstances of any attempt or loss and assist with the investigative process. We have abilities within the areas of e-mail tracing, cellular phone tracing and, of course, suspect baiting. Our teams are familiar with the different role players in this market and are constantly staying abreast of the latest trends. We invite you to join our newsletter to stay abreast of the latest trends in online fraud and scams. Forewarned will always be forearmed. Again, we are privileged to have a qualified psychologist on hand with experience in cyber security that is able to guide and advise us in building a suspect profile when required.
Within the realm of network and online security it is often necessary to conduct penetration tests in a controlled manner to highlight network vulnerabilities.
This obviously has to be conducted in the context of existing threats and known vulnerabilities as well as up-to-date insight into how the cyber security field is growing and changing. Our Pen Test team is able to conduct deep scans of your network using a deployed agent and remote access as well as conducting testing on the physical layer. We provide comprehensive reporting and analysis of our findings complete with recommendations for remediation of the highlighted vulnerabilities. Much as one would conduct a security review of a home to ensure that it’s as safe as it can reasonably be, our specialists take an outside-in approach. Penetration testing is the electronic equivalent of breaking into your own building to highlight the risk areas so that these can be addressed.
As such we provide a hardware based cloning service which incorporates MD5 hash comparison to ensure that we have a 100% image of the source drive.
Our Cape Town and Pretoria offices are suitably equipped to provide this as an in-house or on-site service subject to availability. This service is generally a component of our Incident Response Service; however, it can be used independently should you so require.
We offer a digital due diligence service and work in conjunction with seasoned commercial investigators and private investigators as required to build a comprehensive picture of companies and individuals.
Our services include reputational management, digital tracing, company ownerships, lifestyle analysis and cross linking. Should you require our services in this regard, we invite you to make contact with us directly to set up an appointment at our Cape Town or Pretoria offices, alternatively to engage in a skype or telephone conversation around your direct needs. We engage with local and international companies to perform due diligence reports on a retainer basis as well as ad-hoc. Reputational management services are by retainer or via our Incident Response Team Services.
Hacking is a reality of online connectivity in a marketplace where businesses are heavily dependent on online access to data as well as services to conduct business.
Our Incident Response Team is generally the first step in recovering from a systems breach. While most companies have in-house and contracted skills to manage and administer their network, it’s not uncommon that outside specialist skills are needed to recover from a serious breach. Our team is spread between Cape Town, Pretoria, London and Sofia and largely works via remote connection.
This enables us to function 24 hours a day if required to restore network integrity. A key component of this service is the ability to gain rapid insight into the structure of the network, analyse any malware that is located and develop pattern matching of the attacker. We are one of a handful of companies worldwide who have an on-call psychologist with a solid IT Security foundation to guide us in profiling an attacker, understanding their patterns and, of course, their motivation.
Coupled with the appropriate skillsets, this enables us to predict the next course of the threat and counter it appropriately. Our strategic partnership with Data Keepers means that we are able to offer a broad range of disaster recovery options in the server-on-demand area. Cloud Based services are an integral part of the modern Disaster Recovery Plan where otherwise costly replacement servers can be used on a scalable basis to restore network access rapidly and reliably.
We offer detailed drive analysis and recovery of artefacts all in one. Using a physical image of the hard disk drive, we are able to provide a deep scan of deleted items and trace elements from a hard disk drive.
We use world leader Magnet Axiom for hard disk drive analysis along with a handful of proprietary tools and industry accepted technologies. While we are able to offer on-site triage and acquisition, data analysis is best done within our lab as it is a time consuming and resource intensive operation.
We run the latest i7 processing units to minimise analysis time and deliver fast results in the form of a portable case file that you may interrogate at your convenience. We follow a full secure chain of custody from device acquisition through to analysis and return of exhibits. Our lab facility is based in Cape Town and available for qualified inspection should this be required. In the normal course of business our lab has been inspected by various official agencies and corporate entities for compliance.
While we would dearly love to provide a “CSI” type service where the smallest reflection in someone’s sunglasses reveals a crystal clear image of a suspect – this is limited to what we term “the elusive Hollywood” computer system.
We will gladly review your image(s) at our Cape Town or Pretoria offices and offer you a no-charge assessment of how much adaptive work can be done with the images you have available. From that point we will be able to offer an estimate of costs.
Our IRT is able to deploy to your site quickly based on your incident response plan or, of course, our incident manager will work with you to create a plan based on your specific requirements if you do not have one.
Our IRT services include communications packages, data packages, penetration test kits, triage kits and the ability to seize a large number of electronic assets for analysis. On-site acquisition is typically via uReach cloning devices depending on the client’s requirements for either a logical or physical acquisition.
We are equally able to clone cellular devices on the fly for detailed analysis. For cellular devices we favour world leaders Cellebrite or Magnet, while deep diving of data (analysis) is capably handled by Magnet Axiom. We are able to generate portable case files for your convenience and off-site analysis.
Our Incident Response Team is typically comprised of a Team Leader, and then augmented by specialists who will acquire identified equipment, perform triage and if necessary assist with network lockdowns. Our Cape Town team has a wide area of expertise including ransomware and fraud response.
While our core Incident Response Teams are based in Cape Town and Pretoria, we are nonetheless able to mobilise skills to most countries on the African continent.
Our IRT has been deployed on average twice a month over the past year around the country to assist companies that have been affected by ransomware, subject to internal fraud, online fraud or have been compromised internally by syndicates.
In the background, our IRT is supported by a dedicated service desk that conducts active research while the team is on the ground, ensuring that information is current and accessible at all times.
As a value added service to our clients abroad, we are offering a summons processing/service in South Africa.
We are able to effect the service of legal processing/summons in the following areas in South Africa:
- Cape Town
- Durban
- Johannesburg
Please note that we may be available to offer our services to clients in other, additional areas on request. Service is executed by experienced process servers with supporting statements issued and commissioned to that effect. Generally we offer summons processing/services around the needs of attorneys, investigators and forensics audits, but we also cover a wider scope.
For additional information or discussions around the serving of legal process/summons in South Africa as well as additional areas, please do not hesitate to make contact with us directly.
We use the world’s leading Crypto Currency investigation toolsets to further our investigations around crypto transactions both locally and internationally.
Tracing of cryptocurrencies and the movement of funds is a meticulous investigative task. The skills requirement goes well beyond an understanding of the blockchain and does require custom software to reach beyond what the blockchain itself can show. Our internal Cryptocurrency expert, Thor Pedersen, is not only familiar with large and complex sets of financial data – he brings this experience to bear as a Certified Crypto Currency Investigator and Auditor.
Our Cryptocurrency investigation services are available in South Africa and to clients on a global scale. We also offer tailored courses and small group instruction for accredited Law Enforcement groups. TCG Digital Forensics is at the forefront of Crypto Currency Investigation in South Africa with several years of proven experience on high-value, complex investigations. We welcome the opportunity to discuss your individual requirements including:
- Crypto Currency Investigations (Bitcoin / Ethereum etc.)
- Crypto Auditing
- Flow of funds analysis
- AML based Investigations
- Crypto Asset Tracking
** Please note: as Crypto is a highly complex field, we do not offer this service on a contingency basis.
Open Source Intelligence refers to the use of publicly accessible information as well as databases to collect information in a structured manner. Information is gained from Public and Private Databases, the surface web, the deep web and the dark web.
One of the more complex tasks often assigned to a Digital Forensics team is the execution of an Anton Piller order. These require solid planning and preparation prior to execution in order to achieve a sound understanding of the mandate of the court, the parameters for executing the order – and of course to ensure that the right tools and equipment are available when the execution takes place.
Notorious for their complexity and cost, an Anton Piller order is used as an ex-parte motion before the court to acquire exhibits. These often take the form of hard drives, USB devices, laptops etc. – and that’s where we come in. Our team is able to deploy to site with a field acquisition protocol to ensure that we garner the maximum data permitted by the court and follow the appropriate chain of custody throughout the process. This is absolutely key in these projects. Failure to adhere to the correct chain of custody protocols can see excellent evidence restricted from the court because it wasn’t acquired properly.
Our acquisition team members are trained to understand the forensic protocols we follow as best practice and are supported by a field administrator to ensure that the paperwork is meticulous in all respects.
We are of course also available to assist with guidance in the preparation of an order to ensure that all eventualities including cloud acquisitions are covered.