Case studies
Real investigations. Altered details. Genuine outcomes.
A selection from more than 190 matters delivered since 2018. The ones below are published with client permission and identifying details altered for confidentiality.
馃敀 Based on real events with identifying details altered for confidentiality.
The salesperson who took the client list
A software company's first forensic investigator missed critical evidence of data theft by a departing salesperson. Our re-analysis uncovered USB transfers, CRM extraction, and evidence from old tape backups that proved the theft in Federal Court.
Getting 100 servers back online
A ransomware attack halted production across a complex business. We led the response alongside the company's IT teams, MSP, and MSSP, using networked forensics to scan approximately 100 servers and workstations.
The takeover that uncovered three months of chaos
When an Australian company acquired a foreign website and app with a large user base, strange behaviours forced the site offline. Our emergency investigation separated malicious actions from negligence across source code, cloud infrastructure, and domain records.
The helpdesk that helped itself
A business suspected its managed service provider was accessing commercially sensitive information without consent. Our forensic acquisition and analysis confirmed the MSP connected without explicit permission but found no evidence of data access beyond the support ticket scope.
The key that never left the vault
A government department alleged that a multinational technology company had publicly disclosed a private key from a server certificate. Our investigation found the key had been protected with a password so strong it would cost millions to crack, and we delivered an Expert's Report addressing every concern.
One click, ten thousand targets
A targeted phishing attack compromised a marketing executive's O365 account, exposing thousands of business contacts to a coordinated phishing campaign. NDF mapped the breach, contained the spread, and coordinated with Google and Microsoft to shut down the attack infrastructure.
Evidence across hemispheres
A UK cyber security firm needed forensic evidence acquired in Australia to international standards. NDF collected, encrypted, and delivered forensic copies within hours, complete with a written statement of the acquisition process.
The anonymous account that wasn't
A medium-sized contractor was targeted by defamatory comments from an anonymous Facebook account. NDF analysed post metadata and patterns to narrow the suspects to four individuals. A solicitor's letter drew one extreme reaction, and the defamatory post was removed days later.
The cameras that caught the cleaners
A building management company suspected its cleaning contractor was not performing agreed services. NDF acquired hard drive evidence, conducted motion analysis of CCTV footage across many days, and produced finished video evidence that supported contract termination.
Unlocking a life left behind
A solicitor needed to access a deceased executive's password-protected Apple Mac to retrieve financial documents and personal photos for the family. NDF combined knowledge of the individual's life with technical bypass techniques to successfully unlock the device.
Following the stream to its source
Video streaming servers delivering pirated content were hidden behind a CDN. NDF traced the infrastructure across jurisdictions and analysed financial records to pinpoint the company responsible, enabling the IP lawyer to take action.
The deleted ticket home
A regional NSW business discovered significant money was missing and a business partner had fled the country. NDF forensically examined the abandoned company laptop and recovered a deleted air ticket showing a return flight to Sydney within three months.
The clock that lied
A high-tech manufacturing company suspected an employee of stealing proprietary designs. NDF found the laptop had been erased and the system clock deliberately altered to provide a misleading date. We established the likely true timeframe and enabled the company to negotiate from a position of evidence.
The breach with too many suspects
A professional services firm suffered a ransomware attack on cloud virtual servers with multiple contractors and MSPs involved. NDF confirmed files had been exfiltrated, identified the cause of the breach, and helped the firm meet its notification obligations.
The filter that wasn't there
A young student was allegedly exposed to inappropriate images on a school computer. NDF assessed the school's internet safety practices and found that proper search filtering or network blocking could have prevented the incident. The school settled and established a trust fund for the student.
The court order that wasn't
A boutique litigation firm received a suspicious email disguised as a court order. Our analysis revealed the PDF contained a keylogger that no commercial virus scanner had yet identified.
The devices that never left the room
A high net worth entrepreneur subject to a foreign court order required device inspection without any data leaving the premises. NDF conducted all acquisition, analysis, and reporting on-site with the client's agents observing, satisfying the court order while maintaining complete data security.
Want to know more?
We can walk you through relevant examples from our experience. No obligation.
1300 123 099