Computer Forensic Services

Gather evidence through our computer forensic services.

The internet is a wonderful tool that has become ingrained in our daily lives. We use it for keeping in touch with friends, doing business, locating goods and services, teaching, learning and much more. Despite this, the internet is also a source of funding for fraudsters and organised crime gangs that operate undetected to the average internet user.

A study conducted by security vendor AVG has found that Australia ranks highest in the world for instances of cyber crime, with 39% of survey respondents having fallen victim to cyber crime, compared to 28% of American respondents and just 1% of respondents from Spain and Sweden.

Lyonswood has a great deal of experience in dealing with instances of cyber crime, with an in-house computer forensics team that deals with data recovery, discovery and retrieval at our purpose-equipped premises. Unlike others in the field, we do not outsource your data and corporate intellectual property to third parties, ensuring that you can trust Lyonswood with even the most delicate of matters to do with cyber crime.

At Lyonswood, we have seen a rapid increase in the amount of enquiries received from victims of internet crime over the years, as technologies get more sophisticated and more people are fooled. Many instances of internet fraud go unreported – we believe that the percentage of victims is far greater than the statistics would indicate. To respond to this increase, we have boosted our in-house team by enlisting the help of skilled forensic technicians who are constantly improving their skills and qualifications to keep abreast of developments in detection and deception.

Lyonswood Forensics Team: Computer Hacking Forensic Investigator

There are very few certified computer hacking forensic investigators (CHFI) in the world – at Lyonswood, we are pleased to have Australia’s first qualified investigators that specialise in computer hacking forensics.

The EC Council’s CHFI certification is a course that teaches the skills, provides the knowledge, and gives a person the tools needed to catch cyber-thieves. By training someone to use the same pathways, backdoors, network weaknesses, and computer programs the hackers use, the penetration tester becomes the hackers enemy.

Hackers are not the only threat to companies:  employees who believe they are being treated unfairly can cause a system shutdown, or commit industrial espionage. By using a certified hacker, these employees can be identified and prosecuted. Law enforcement agencies can use the services of a EC-Council CHFI-certified employee to trace website owners and servers used in criminal activity. With these traces a criminal who thought they were totally anonymous become totally findable.

Prevention is key when protecting files of a confidential nature in most computers. Large corporations like banks, insurance companies and law firms all keep confidential information that, if attacked, could end up harming thousands of customers. By performing internal computer audits, any threat can be neutralised before it becomes active. All hackers leave a trail when first entering a system – computer forensics investigators can detect these traces and close down their pathways before any real damage is done.

Employees may hurt a company by deleting, destroying or encrypting files – a computer forensics investigator can recover these files and follow the hacker’s trail, tracing the employee who committed the crime.

For both individuals and businesses, email fraud is becoming a growing concern. Once these crimes have been committed, it is often hard to prosecute anyone due to the vast resources available to the criminal – however, once again, they are trackable with the assistance of a certified forensics investigator.

Network security should never be overlooked – avoid becoming vulnerable by ensuring that internal computer audits are performed on a regular basis by a trained and certified professional.



One of the most common problems Lyonswood comes across when assisting clients with the acquisition of forensic digital data is that, often, the data suspected of containing vital evidence has not been secured quickly enough nor in a fashion that will assist the forensic process. The more time that passed, the more likely that data will become vulnerable to removal or tampering, making the forensic recovery process more costly, with less of a chance of being successful in discovering useful evidence.

Below are some key tasks that victims of digital crime ought to employ as soon as they become aware that they may in fact be victims of virtual crime on their laptops, mobile phones, tablets or other electronic device (including back-up discs and USB sticks):

  • Immediately turn off the device. In the case of USBs, external hard drives or any other storage device, remove them from the main appliance.
  • Once the device is turned off or removed, label the device externally with the date and time of securing, along with a serial number of the device or some other identifier, such as a part or model number.
  • Sign the label and, where possible, have a witness/es sign and confirm the details on the label.
  • Place the device in a secured location (such as a locked safe), preferably away from the workplace. If there is more than one device being secured, number them in sequence.

In the early stages of a forensic investigation, this is the most vital process to assist in ensuring that the integrity of the evidence is protected, so that if/when it is called upon in a court of law, it has the best chance of being accepted and the least chance of being successfully challenged.


PHISHING: The act of tricking someone into giving a fraudster confidential information, or tricking them into doing someting they wouldn’t do, or internet fraud that aims to steal valuable information such as credit cards, social security numbers, user IDs and passwords.

Case study: A young woman was about to divulge her bank account details to  a male she had become involved with on a chat line and her father became suspicious, so they approached Lyonswood with their case. She was convinced that he was a Russian businessman living in London who was seeking a relationship with  a view to marriage. She had been speaking to him over the phone, and to demonstrate his genuineness and to give her confidence in his honesty, he had sent her his U.K. drivers license and a copy of his Russian Passport. He told her that he would send her $10,000.00 so that she could travel to the U.K. and meet him. Then, he asked her for her passport and drivers license so that he could be certain who she said she was and to give him confidence that when he deposited the money into her account it was going to a real person and not a fraudster. He told her that if she sent her bank details he would make a direct deposit. He also sent her his address and his business address, which both seemed genuine when the woman checked them herself.

As can be understood after becoming emotionally invested in this relationship, it took a lot to get the woman on our side as she did not wish to look stupid and, we suspect, didn’t want her heart broken. To begin our investigation, we requested our colleagues in the U.K. to send us details of the occupants of these addresses – they did not match up with the names she had been provided. In fact, the resident of the house was a bishop in the Anglican church. With our client still not convinced and making excuses for these discrepancies we requested a copy of a standard U.K. drivers license. The license we were provided did not match the one she had been given and now she questioned as to whether different countries had different licenses – there was only one format for this type of drivers license throughout the U.K.

There were many other discrepancies in the documents he provided her. For example, the passport photo was placed over the passport stamp and thus it was clear that the photo had been cut and pasted over an existing passport photo, probably one this fraudster had phished from another victim. This type of fraudster gathers and trades identities with other phishing fraudsters on line.

Fortunately our client had not provided her passport or drivers license. However, she had provided her name and address details. The objective of the fraudster was to gain access to her bank account and clean it out. This fraudster was very patient and had groomed out client over many months. No doubt this person had groomed many others over that same period and we suspect many of those would not have been as lucky as our client.

COMPUTER FRAUD: There are many ways for fraudsters to take from you your hard earned cash, clear out your bank accounts and even defraud you for your other assets, such as motor vehicles and boats. The way this is generally done is through convincing yet fraudulent documentation. Note: you should never e-mail documents that prove your identity such as drivers licenses and passports. Once a clever fraudster has these, they virtually have your identity and can cut and paste photos of themselves or other persons over the existing photos or even use them and pretend they are you to defraud others.


One would hope by now that any e-mails you receive that offer large sums of money just for assisting someone to deposit some alleged fortune that has somehow come their way, are now well and truly ignored and deleted. These are generally referred to as Nigerian Scams and mostly originate out of Africa however there is a recent shift of this type of fraud to Mexico and South America.

Letters that allege they are from a bank, just because you may happen to have deposits with this bank, should also be disregarded. Lets face it, with only 4 major banks in this country, they have a 25% chance of getting lucky when they send an unsolicited e-mail. Banks rarely send e-mails of this type, particularly ones that  ask you to verify your account numbers and passwords.

The fact that someone has details about you doesn’t necessarily mean they obtained those details from you. Clever fraudsters search discarded rubbish from bins at night and steal you mail from your letter box to gain this information and if they obtain a copy of a bank statement then they most likely have your account numbers and balance. All they need then is your password.  It is not uncommon for these fraudsters to scan in your stolen bank statements and send them to you via a fabricated bank e-mail complete with logos that they have cut and pasted form the internet. The really smart ones even provide a telephone number for you to call to verify that the e-mail is genuine. The phone will answer and a voice will cleverly convince you that you have in fact called your bank. Always check the number and see that it corresponds with those of your bank. If it doesn’t then its likely to be a fraud.


Today, with great ease, anyone can open an e-mail account or set up a website with total anonymity. The most powerful vehicle in the world today is not a V12 sports car, it’s the internet and you don’t have to prove who you are to get on board and drive it. Devious, nasty and greedy people use it every day to take revenge and manifest themselves in peoples lives in a threatening, slanderous and Malicious manner.

Lyonswood Investigations and Forensic Group receives inquiries every week relating to unknown e-mail senders making threats. There are ways to discover the identity of the person making the threats.


Work stations/notebooks/blackberries/ mobile phones/ i-pods / memory sticks/CF cards

Lost data, data suspected of being copied and transported elsewhere (Stolen data), data that might breach laws, codes of ethics or workplace and privacy guidelines is often sought as a vital piece of evidence required to identify the sender, the person receiving the data or the thief. Today, the act of industrial espionage is mostly carried out via the internet and it’s big business.

Disloyal employees are regularly selling information to your opposition or feathering their own nest by transporting your intellectual property before they jump ship to your competitor.

Lyonswood Investigations and Forensic Group has a good track record of recovering the evidence even though the persons responsible have attempted to cover their tracks. This is where Lyonswood Investigations and Forensic Groups Forensic I.T. specialists have the edge on these fraudsters through skilled professionals with the latest techniques backed up by state of the art software programs. We have many satisfied clients that we have assisted to get their businesses and lives back on track.

Sometimes the issues are simple and others far more complex. Maybe you have lost those very important baby, family or holiday photos through a malfunctioning micro drive or CF card. Lyonswood Investigations and Forensic Group can probably help you retrieve them.


Today, children are teethed on computers. Children are using computers before they start schooling and thus become very proficient at using them, quite often even more proficient than their parents. This is where vigilance is required and quite often not able to be provided because the parents are nowhere as savvy as their children.

When most parents were children computers were either at their infancy or not even existent. Very devious and clever criminals including those who might want to hurt your child or sexually abuse that child trawl the internet pretending to be comparative age group piers and deceive these young people into all sorts of  very dangerous behavior including but not limited to, disclosing their address, school, times when their parents wont be at home or away on leave and even sending photos of themselves  and even naked.

If you have reason to suspect your child might be exposed to one of these practices  or perhaps require software to minimize exposure to these risks, Lyonswood can assist you to have peace of mind.


Attacks on Wireless Networks
Wireless networking enables devices within a certain distance, to be able to use computing resources without being physically connected to a network. These days many devices (desktop/laptop computer, smartphones, iPhone, Blackberry) are fully dependant on wireless connectivity in order to transfer various communications and data. Devices often use mobile phone networks however when back at home or the office a local wireless network is automatically joined for continued and fast, Internet access. Wireless ‘hot spots’ are on the increase and everyone is used them to stay connected.

Once a device relies not on a physical cable but on wireless network technology the risk to security increases tremendously. With the right tools and expertise unauthorised access can be achieved within a few minutes. If a wireless network is configured well, these attempts may still only take in the order of minutes before a successful connection is made to the network. Often once this connection is made, access is automatically gained to the whole company wired internal network.

Wireless networks whether they be at home or within a corporate environment, boast ranges typically of 50-100 metres. The implications of this are that an attacker could be sitting in a coffee shop down the street from the residence or office, making repeated attempts. If at first unsuccessful, an attacker can record (sniff) traffic and save it for examination and decoding later. Commonly implemented WEP, WPA2 and other encryption increases the difficulty for an attacker to infiltrate a wireless network however typical success can still be in the order of minutes.

There is great need for wireless networks hosted at your home or office to be tested so that security can be assessed action taken to ensure security is optimal.

Rogue Wireless Access Points
Another challenge relating to wireless networks has a different slant to it.

Just how secure is your wired network if one of your co-workers has brought into the office a wireless access point, and discretely plugged it into the wired network? This is a very simply task resulting in the wired network being accessible by any device connected to the wireless access point.  Instantly, full access can be gained to the networked computers from 50 or 100 metres away!

Scanning of wired and wireless networks in the workplace or home is paramount for the ongoing security of a network, to ensure that unauthorised devices are not connecting and transmitting data from the network.

Lyonswood can consult and set up your wireless network and penetration test that network to minimise risks of rogue attacks upon your systems and intellectual property.


Lyonswoods technicians are trained in the latest techniques and the use of state of the art software developed to discover the threads of evidence and imprints that these fraudsters leave behind. One of the tools we use is the software product EnCase.
EnCase Forensic software is the current industry standard in computer forensic investigation technology.

With an intuitive GUI, superior analytics, enhanced email/Internet support and a powerful scripting engine, EnCase provides investigators with a single tool, capable of conducting large-scale and complex investigations from beginning to end. Law enforcement officers, government/corporate investigators and consultants around the world benefit from the power of EnCase Forensic in a way that far exceeds any other forensic solution.

  • Acquire data in a forensically sound manner using software with an unparalleled record in courts worldwide.
  • Investigate and analyze multiple platforms — Windows, Linux, AIX, OS X, Solaris and more — using a single tool.
  • Save days, if not weeks, of analysis time by automating complex and routine tasks with prebuilt EnScript® modules, such as Initialized Case and Event Log analysis.
  • Find information despite efforts to hide, cloak or delete.
  • Easily manage large volumes of computer evidence, viewing all relevant files, including “deleted” files, file slack and unallocated space.
  • Transfer evidence files directly to law enforcement or legal representatives as necessary.
  • Review options allow non-investigators, such as attorneys, to review evidence with ease.
  • Reporting options enable quick report preparation.
Contact Us