If you believe the integrity of your business systems has been compromised, you need an expert who knows where to look to identify the crime, to preserve the evidence and provide a clear and concise report to the business on what happened, how it happened and what should be done to prevent any repeat.

You need someone who understands the sensitivity and vulnerability of electronic evidence, how to preserve that evidence for analysis and then present that evidence to a business or court. At Forensic IT — that is what we do.


System Compromise Investigations.png

Cyber Incident Response

During recent years we have seen a huge increase in Ransomware, Spear Phishing attacks and in particular, Cloud hosted email and invoice compromise. Attackers have been able to exploit weaknesses in business IT systems as well as the naivety of users, resulting in the substantial loss of data and money. 

False Billing stats for 2020 record 13,000 events at a total cost of $18 million. (Scam statistics | Scamwatch)

Ransomware attacks have not only increased but the amount being demanded for decryption has rocketed to hundreds of thousands of dollars. 


False Billing

Mobile Device Extraction & Analysis.png
Forensic Analysis.png
eDiscovery and Litigation Support.png
Fraud and Financial Investigations.png
Search Orders.png

Mobile Device Extraction & Analysis

Our primary mobile device examination tool is the Cellebrite UFED mobile device system, which is a global leader in the extraction and analysis of data from mobile devices.

Using Cellebrite, we can perform physical, logical or file system extractions of current and old mobile phones, smartphones, tablets and GPS devices. Our extractions also include the recovery of deleted data such as call logs and text messages as well as extracting data from SIM and memory cards where possible.

Forensic Analysis

Forensic analysis involves the examination of electronic devices and the presentation of facts and opinion regarding the data examined. Analysis can be used to identify matters including theft of intellectual property, inappropriate use of IT in the workplace, and recovery of deleted data.

eDiscovery and Litigation Support

Forensic IT provides collection, early case assessment (ECA), processing, de-duplication, searching, review and legal export services in regards to eDiscovery and litigation support matters. We apply forensic data preservation methods to the capture of electronically stored information (ESI) where appropriate so that metadata is preserved from the time of collection.

Fraud and Financial Investigations

We provide forensic investigation services in matters of corporate fraud and financial crime.
Our role typically involves the secure collection of electronically stored information from user computers, servers, phones and accounting systems.  Once the data has been collected we conduct analysis away from the business to identify evidence supporting allegations or concerns.  Where required we can prepare a "brief of evidence" suitable for delivery to law enforcement.

Search Orders (Anton Piller)

We can assist in the preparation and application of civil search orders in relation to the preservation of digital evidence. Most matters we deal with relate to intellectual property theft. Forensic IT staff are also experienced in the execution and participation of government agency search warrants.

Data Preservation.png

Data Preservation

The capture and preservation of computers, business servers and other digital devices in a forensically sound manner is the most important part of every investigation we undertake. We can acquire and backup data from desktop and laptop computers, servers, mobile phones, external hard drives, memory cards, backup tape and the 'cloud' to name a few sources.


We are specialists in the acquisition of data in the event that a business has been placed in Administration or Liquidation and are able to acquire data from live-running servers.

Data Aquisition.png

Covert Data Acquisition

Forensic IT can acquire data from computers and servers covertly without end-user knowledge or disruption to business applications. This service is offered when discretion is needed during an investigation or when access to computers is not available outside of normal business hours. We can also offer this service when the acquisition of email or database servers is required but a service outage is not acceptable.

Expert Testimony.png

Expert Testimony

Forensic IT provides expert report and testimony services. We present digital evidence in a manner that is legally acceptable and easily understood by judge and jury, using clear explanations, visual representations and virtualised computer environments. Forensic IT can also examine reports and evidence provided by other experts.



Organisations that employ best-practise digital security measures may not be impervious to attack, but they are significantly less likely to suffer system compromise.

Critically, if these organisations are the victims of system compromise, they are far better positioned to launch a forensic investigation.

When the Forensic IT team is called in, if the client has in place best-practise security measures, we know we are significantly more likely to find compelling evidence and deliver a positive outcome.

We advise our clients that the risk of:

  • Cloud hosted email (365/Gmail etc) can be easily strengthen and configured to record relevant logs that will substantially assist an investigation.

  • The outcome of a spear phishing attack can be greatly minimised by using two-factor authentication.

  • Losing critical digital evidence can be overcome through strengthened log file and deleted email retention.

  • Simple things can have huge benefits i.e. enforcing strong passwords and 2FA.

Our premises and processes are approved by the Australian Signals Directorate in accordance with Australian Government security requirements.  Security and confidentiality for client data is ensured at every step of the process, including collection, processing, storage and retrieval.  Our clients can have the greatest confidence in our ability to protect their data and interests.