Thursday 11 April 2019

Your regular IT Guy just won't make the grade when it comes to a forensic investigation - and this is why...

We often have clients and potential clients advise us "We'll get our IT guy to look, he's excellent"

Now we're not questioning your IT guys skill or experience in computing in any way whatsoever and we're quite sure he's very capable. That being said, when matters take a legal turn and a forensic approach is needed one has to look at the requirements for the assessment itself.


Firstly, will your IT guy stand up in court? Will be stand under cross examination and be admitted as an expert in his field? Will his deeper understanding of operating systems and data analysis pass scrutiny?

Before you can even consider the legal aspects, you need to appreciate that in forensic terms whatever is done must be replicable in court, properly presented as an impartial finding and of course happen within a secure chain of custody - anything less could put the outcome at risk in a court of law.

Digital Forensics is a highly specialized field which requires training in investigative skills and criminal/ civil law. This is before even going down the road of the technical proficiency and qualifications required to trade in the industry. Beyond this, one requires a veritable arsenal of specialized tools and equipment - even the most basic of lab facilities can cost R500k to equip.

Even the most seasoned IT professionals will not have access to the specialized tool set required and a free Linux tool or two just isn't sufficient. Cybercrimes and Forensic Investigation require the use of tools that will be acceptable to a court and do not alter the data in any manner whatsoever during the process (write blocking), this is of course done with a detailed understanding of the legal processes required to offer up evidence in court.

When engaging a Digital Forensics specialist, you're not just getting a set of hands - you're hiring an investigative professional with specialist skills armed with the latest technologies to ensure that evidence is acquired in a sound manner and correctly presented to court.

When you need a Forensic Investigator, ensure that you're dealing with a suitably qualified professional who has the academic qualifications as well as the track record to appear in court to quantify the evidence acquired and advise you accordingly during the investigation.

Related image

We do all forms of digital forensics such as cyber forensics (penetration testing / hacking recovery / cyber investigations), cellular phone analysis, hard drive analysis, device acquisitions and due diligence investigations. Please contact the TCG Digital Forensics Division on contact@tcgcape.co.za or call 021 110 0422 


Written by Craig Pederson