The field of Computer forensics can extract and analyze evidence from digital devices. Our laboratory has a wide range of technical equipment and expertise for conducting a deep analysis of computer used by suspects. In accordance with the CFE certification, our fraud investigation experts have acquired a broad knowledge of the different ways corporate crime and fraud in the government occurs. We operate our examinations following the international standards of ACFE, ISO 27035-27042 and other accepted methodologies.

Our forensic teams are focused on locating evidence and case relevant information, whilst keeping a low profile when visiting the premises of our clients. Our objective is to not alert possible suspects and supportive criminals. When dealing with industrial espionage an operative might still be inside the organization continuing his activities, therefore finding the person is easier if we do not enter the company like a SWAT team.


  • Consulting clients on how to best perform the forensic investigation
  • Document the computer network infrastructure
  • Identification of relevant people and filtering out the relevant time frames
  • Identification of relevant data sources and version whilst locating the systems holding this data
    • Mobile device forensics: mobile devices, Smartphones, cell phones, gps Navigation systems, SIM cards
    • Mail forensics: Mailbox files und Mail server
    • Database forensics: database server, database files (MS SQL, MySQL, Oracle, dBase, XML, …)
    • Server forensics: file server, application server, …
    • Client forensics: Notebooks, NetBooks, Desktops, Workstations, Thinclients
    • Memory card forensics: SD, SDHC, SDXY, CF, microSD, xD, ufs cards, …
    • Flash device forensics: USB flash drives, USB Pen Drives, USB flash cards
    • Hard drive forensics: securing evidence out of hard drives, SSD and external hard drives
    • Optical Storage forensics: DVDs, CDs, etc.
    • Memory forensics: securing evidence out of current memory (RAM) or related temporary files (Pagefile)
    • Backup forensics:  Extracting data out of backup systems and devices (tapes, zip discs, …)
    • Cloud forensics: collecting evidence from online services (e.g. Dropbox, Facebook, …) or virtuall machines inside a Cloud Server
    • Netzwork forensics: Scanning, tracing and shadow copying of data communication to find attack related evidence
    • Forensic analysis of other IT Systems when needed (e.g. Copiers, Fax, Network printers, routers, CCTV, …)
    • App Forensics: investigating, finding traces and usage history relating to smartphone apps (ByLock, Eagle, Line,Signal, Telegraph, Threema, WhatsApp,WeChat, etc.)
  • Developing of emergency plans and backup concepts
  • Advising and assisting in creating lists of devices and systems that have to be provided for a fraud investigation
  • On request of courts and security services we can also conduct evidence location and securing to maintain chain of custody
  • IT forensic backups of relevant digital evidence
  • Evidence management: Documentation of the chain of custody related processes and steps
  • Providing forensic laboratory reports and Expert Analysis papers on forensic investigations