Digital Forensics and Cyber Incident Response

Our team of qualified digital forensics specialists have advanced digital forensics tools and techniques to support organisations that have experienced cyber fraud incidence threats, compromise or breach. We support organisations in identifying, gathering, preserving, and documenting digital evidence from diverse electronic sources, i.e., computers, mobile phones, servers and other electronic systems for investigation and litigation support.

We identify and reconstruct digital trails, tracing the origins of cyber threats and understanding the tactics, techniques, and procedures employed by malicious actors. We leverage our global Threat Intelligence network to fortify organisations against cyber threats, providing a comprehensive approach to detect, respond, and recover from security incidents in the ever-evolving digital landscape.

How we assist clients

Cyber fraud incident response
Network forensics and log analysis
Digital forensic analysis
Digital forensic training
Cyber fraud risk management training

Cyber fraud incident response

PwC provides a systemic approach to detecting, assessing and mitigating the impact of fraudulent activities in a digital environment. For an organisation that has been faced with a cyber fraud incident, we will take steps to help contain the incident, investigate to determine the extent of the breach and advise on measures to prevent future incidents.

We have supported our clients in different industries in handling cyber incidents. These have included card fraud, mobile banking, online/internet banking, insider threats and phishing. We were able to identify system and process failures that facilitated these frauds to happen and with our recommendations helped our clients to mitigate future fraud risks.

Network forensics and log analysis

To reconstruct the sequence of events leading to a security breach, we utilise forensics tools to capture, record and analyse network traffic and activities to identify security incidents, unauthorised access and malicious behaviour. Combining network forensics and log analysis enables us to gain insights into the nature of the incident, allowing us to respond effectively and advise on how to strengthen your defence against future threats

For the different incident response engagements that we have carried out, we have performed extensive log analysis including but not limited to firewall logs, endpoint logs, Domain Name System logs and Active Directory logs. In addition to helping investigate incidents, this has enabled us to support the IT teams of our clients in strengthening their security posture to detect and deter fraudulent activities.

Digital forensic analysis

At PwC we use specialised tools and techniques to recover, examine and interpret data from computers, mobile devices, storage media and network logs. We follow a structured process to identify, preserve, collect, analyse and present digital evidence in a legally admissible format. Our findings can be used in various contexts including criminal and civil litigation.

For the cyber fraud investigations we have utilised forensic technology tools to acquire, process and analyse system images of machines belonging to identified staff members and reviewed the computer registry, system, application and event logs and email communications obtained from the acquired machines. Our findings have been used by our clients as evidence in litigation and in seeking compensation for damages.

Digital forensic training

We offer digital forensics training to equip your staff with knowledge, skills and techniques to identify digital crimes and security incidents.

We have supported our clients in providing training to their internal audit and IT teams on critical thinking around system and process control gaps, control frameworks and fraud detection.