Crime Scene Forensics

True Lies provides a host of services in terms of crime scene forensics. From basic fingerprint examinations to collection of various forms of evidence, the recording of the scene via photographs and/or plans, etc. 

Having consulted in various high-profile cases, the Marietjie de Klerk murder, Dina Rodrigues – baby Jordon Lee Norton murder, the Inge Lotz murder, to name a few, our resident expert Mike Grace is a highly accredited Fingerprint Expert, Forensic Examiner of Crime Scenes and a Forensic Photographer. He consults exclusively on behalf of True Lies in so far as these role-functions. His credentials, listed below, speak for themselves, as do his various competencies.  

There are multiple aspects which will influence the possibility of us being able to forensically examine any given piece of potential evidence. This includes the surface of the item, the ambient temperature at which the evidence has been kept and the way in which they have been handled by the relevant individuals involved, be it suspect or otherwise. Please note that it is of utmost importance that all potential evidence is handled and conserved in such a way as to avoid contamination.

Digital Forensics

In terms of digital forensics, True Lies is able to offer the following as an inherent part of any given investigation and/or a stand-alone service: 



We offer a full chain of custody from seizure to disposal of exhibits. We operate within industry standards and norms including the use of Faraday bags, Tamper Proof bags and secure transport where required. All exhibits are catalogued, signed for in duplicate and entered into the company’s Safe Register on arrival. Standard key-holder security levels apply and all exhibits are stored within a fireproof safe. Our offices have the required security and access control levels to meet chain of custody requirements.  


We have our own bespoke lab facility in Cape Town which features an insular network, signal blocked working environment, server infrastructure as well as the required tools and equipment for forensic tasks. Our lab facility is CCTV monitored with biometric access control and 24/7 security.  


On site triage is an important aspect of forensic analysis as it affords us the opportunity to isolate and prioritise exhibits according to the client brief. We use various tools during the triage process, the first being Magnet Axiom Triage, Paraben, C.A.I.N.E or FTK. These are well respected tools within the industry and assist with the identification of potential exhibits. On site time is dramatically reduced by having the proper toolset.  


Seizure of exhibits can make or break a case when it comes to presenting it to a court. The exhibits need to be properly identified, handled and catalogued. Marking of exhibits to enter the chain of custody is key - this includes capture of live RAM if this is appropriate to the investigative need.  


Forensic clones require precision and the best available equipment for this task to ensure consistent and court-approved results. We favour the UReach family of cloning devices for this service.  

We recommend the creation of TWO clones, one for evidentiary purposes and one for analysis. Forensic clones include the generation of a MD5 Hash to verify the cloning. 


Once a forensic clone is achieved, it still needs to be interrogated, deleted data recovered and made accessible. This needs to be done in a sound manner in order to preserve the evidence. For this task we use a variety of toolsets, however, our preference is for Magnet Axiom as an industry leader. Magnet Axiom provides two core options for analysis. The first is to provide output reports of flagged evidence and items of interest in pdf or html format. The second is to provide a Portable Case File which can be searched and indexed by a competent investigator.  


Mobile device acquisition, including creating a dump file as a portable case file, is a high demand service and depends on a variety of factors which influence complexity. Our services are divided as follows: 

  • Acquisition of a mobile handset including creating a portable case file. 
  • Bypassing of screen locks/key locks on most varieties of phones. 
  • Analysis of the results. 

For mobile handsets we prefer Magnet Examine/Paraben/Cellebrite.  



Penetration testing highlights core strengths and weaknesses across the client’s infrastructure.  We have pleasure in offering the following services: 


Black Box Testing/White Box testing. 

Social Engineering/Phishing: (Includes BashBunny testing) 

WiFi Testing: (includes PineApple testing) 


With and without E-Commerce. 


This is a comprehensive audit of security levels and/or risks of a device, whether it may be a laptop, handheld device, cellular phone or workstation. The device is analysed independent of the network it may connect to.  

Contact True Lies directly, in order for as to assist you with your specific requirement.