Digital and cyber forensic investigations
Our team of dedicated forensic technologists has consistently provided digital forensic investigative support to our clients and forensic investigations staff for almost two decades. Our team has a range of experienced personnel who are actively involved in the identification and investigation of computer and cyber related irregularities. The digital forensic solutions include the collection, preservation and analysis of electronic evidence from desktop and laptop computers, servers, cell phones and mobile devices, network infrastructures (both physical or in the Cloud), complex databases, in-house legacy systems and applications.
Using accepted best practices and international guidelines, we’ve worked on several local and international assignments to successfully meet our client’s needs.
Mobile device forensics
Modern smartphones, cell phones, tablets, GPS’ and other mobile devices have the processing speed and storage capacity of an average computer. Most users now store information that was traditionally stored on computers, onto their handheld devices. Minor differences set these devices apart; especially with regards to smartphones and the fact that a lot of what can be done on a computer can be done on these handheld devices.
This evolution in technology has made it possible for digital forensics experts to treat handheld devices in the same manner as computers when it comes to things such as retrieving deleted information and analysing data stored on these devices.
CCTV and Multi Media Forensics
With the large amount of CCTV installations in businesses and homes, there exists ample footage that captures and records the evidence of crimes. PwC assists our clients in collecting and preserving footage and digital images from digital cameras and surveillance networks with the aim of enhancing and analysing the footage for investigative and review purposes. Our specialist digital surveillance enhancement technology comprises of the enhancement of vehicle registration numbers, facial features, the lighting conditions of footage, “noise” contained on footage.
Electronic discovery is a process being utilised throughout the world to assist with investigations, disputes and compliance reviews. Electronic Discovery (or eDisclosure) refers to the process where electronic data is required, then discovered, secured, processed and analysed for relevant data to be used (presented) as evidence. E-Discovery can be applied in relation to Legal hold orders (in a civil or criminal case) or the electronic review and analyses of data. We make use of industry leading procedures and methodology to ensure that the integrity and quality of the data is not compromised, that data is processed in an efficient and cost-effective manner and to ensure a suitable review environment according to our clients’ needs.
Malware, Phishing and Keylogger analyses and investigations
Cybercrime costs corporate entities across industries millions annually with criminals deploying highly sophisticated software applications that covertly capture inter alia keystroke data or other privileged and confidential information, thereby compromising the security and user credentials of. Our experts investigate the presence of phishing emails, malware software and keyloggers and these investigative processes help identify the origin of these phishing attacks. The FTS team leverage off a global network of experts and in-house designed tools and technology such as data breach indicators. Reported cases of malware and attacks against client networks are researched and are used to provide valuable feedback to our clients on the severity of the malware attacks.
Forensic Readiness assessments
Implementing the forensic readiness service enables any organisation to increase the use and credibility of evidence and, in the long run, reduce the various costs related to the investigation of incidents. PwC forensic specialists assist clients to prepare the infrastructure of the organisation to support digital forensic investigations and focus on evidence management related to identification, preservation, handling, retrieving, retention and archiving of evidence. Cyber forensic readiness planning is similar to business continuity management and planning. Dealing with digital evidence is no longer the sole responsibility of the IT department, but becomes an organisation-wide responsibility. Digital information becomes more readily available to assist in management decisions, digital evidence is preserved for possible disciplinary, civil or criminal procedures and an organisation is educated about cyber threats, what to do and who to call.
We make use of industry leading software and hardware to provide a cost-effective solution to recover data that may have been accidentally or intentionally deleted, and which may ultimately result in financial loss to the client – whether it’s the result of a hardware failure, software fault, or the result of negligent or malicious attempts to destroy data. Our class 100 clean room is where we perform data recovery by replacing failed components such as read/write head assemblies, drive motors, logical control components, and other hardware on failed drives.
Digital forensic investigations may involve the investigations of data sets referred to as ‘Big Data’. Big Data describes the size, distributed nature and complexity of the data we analyse within our investigations. Data analytics is conducted on structured as well as unstructured data which includes financial systems, ERP systems, access control applications, employee and vendor databases, telephone management systems, as well as all other types of data. Our data analysts design and use data modelling techniques to view, analyse and process data along the transactional, relational and temporal analytical views. Our data analytics solutions include advanced probity searches/reviews to review employee and vendor credentials and identify potential conflicting relationships.
Forensic training solutions
Our team of dedicated FTS experts are able to provide our clients with training in the specialist forensic areas used by us. The training we supply is largely developed in-house by our trainers and staff, and is an indication of the levels of experience and expertise we have acquired over the past two decades of forensic investigation.
PwC is an authorised training partner of the following training modules:
- EnCase Certified Training
- Digital Forensic First Responder
- XRY Mobile Device Forensic Training
- Mobile Phone Examiner Training
- AccessData Bootcamp
- Computer Forensics First Responder Level 1
- Computer Forensics First Responder Level 2
- Cyber forensic boot camp
- Intella user training
- Internet Evidence Finder user training
- Forensic Card Reader user training – Law Enforcement only