Da Vinci Forensics & Cybersecurity provides digital forensics, cybercrime investigation and compliance-driven security services to organisations in Pretoria and greater Tshwane. As the administrative capital, Pretoria’s organisational landscape is distinct: government departments and state-owned entities, embassies and diplomatic missions, professional bodies, and the law firms and forensic accounting practices that serve them. Their security and evidentiary requirements are shaped by regulation as much as by threat, and that is how we approach the work.
We are headquartered in Cape Town and deliver for Pretoria clients through a combination of remote engagement and scheduled on-site attendance for evidence collection, incident response and proceedings that require our presence.
Compliance-driven security for Pretoria organisations
For many Pretoria organisations, the question is not only “are we secure” but “can we demonstrate it to a regulator, an auditor or a court”. Our advisory work is built around South Africa’s regulatory framework:
- POPIA: security safeguards under section 19, breach notification obligations to the Information Regulator under section 22, and the practical documentation that proves compliance rather than merely claiming it.
- Cybercrimes Act 19 of 2020: reporting obligations, the offences it defines, and what electronic communications service providers and financial institutions are required to do when offences occur.
- King IV: board accountability for technology and information governance, supported by our board-level cybersecurity reporting service.
- AI security and governance: frameworks for organisations adopting AI tools who need to govern data exposure, vendor risk and acceptable use before a regulator or client asks.
For entities that work with or within government, we scope engagements with the relevant information security policies and clearance realities in mind, and we are comfortable operating under strict confidentiality frameworks.
Cybercrime investigation and working alongside SAPS
A private cyber investigation does not replace a SAPS case. It strengthens one. SAPS cybercrime capacity is stretched, and dockets move slowly. What we do for Pretoria clients is preserve the evidence immediately, before logs expire and devices are wiped, map the fraud or intrusion while the trail is fresh, and package findings in a format that supports both the criminal docket and any parallel civil recovery.
If you have already opened a case, we work alongside it. If you have not yet reported the matter, we can advise on how and where to report under the Cybercrimes Act while the forensic work proceeds. Our guide to reporting cybercrime in South Africa covers the practical steps, including how to reach the SAPS cybercrime structures.
Services for Pretoria law firms and forensic accountants
Attorneys and forensic accountants in Pretoria brief us on matters where digital evidence decides the outcome:
- Expert witness work in the Gauteng Division, Pretoria, with reports prepared for admissibility and investigators certified to testify, including the Certified CyberCrime Investigator (CCCI) credential.
- Email and document forensics: header analysis, metadata examination and authenticity disputes in contractual and fraud matters.
- Impersonation and advance-fee fraud investigation: tracing cloned websites, spoofed domains and impersonated personnel back to the operation behind them.
- Digital forensics: forensically sound imaging and analysis of computers, phones and cloud accounts with documented chain of custody.
- OSINT investigations: open-source intelligence for due diligence, asset tracing support and litigation.
How we deliver in Pretoria
Engagements begin with a confidential scoping conversation and a written proposal before any work starts. Advisory, monitoring, penetration testing and most analysis are delivered remotely, which keeps travel out of your invoice. Where a matter requires physical evidence collection or attendance in Pretoria, on-site work is scheduled as part of the engagement, and device transfers between sites follow a documented chain of custody procedure. Urgent matters receive same-day first response: evidence preservation, containment guidance and initial triage.
Frequently asked questions — Pretoria
Q1. Can you assist if we have already opened a SAPS case? Yes. Private forensic investigation complements the official process. We preserve and analyse evidence, provide reports that support the docket, and keep civil recovery options open while the criminal matter proceeds.
Q2. Do you handle POPIA breach notifications? We assist with the full breach response: establishing what happened forensically, determining whether section 22 notification to the Information Regulator is triggered, and preparing the notification and supporting documentation.
Q3. Do you work with government or state-owned entities? Yes. We scope such engagements with the applicable information security policies and confidentiality requirements in mind and are comfortable operating under strict non-disclosure frameworks.
Q4. Are your reports admissible in court? Our methodology is built around admissibility: forensically sound imaging, documented chain of custody and reporting aligned with the Cybercrimes Act 19 of 2020 and the law of evidence. Our certified investigators are available to testify in the Gauteng Division, Pretoria.
Q5. What are your rates? Investigative and advisory work is billed hourly at a standard rate, with fixed-fee options for defined scopes such as penetration tests and preliminary assessments. Every engagement starts with a written estimate after a confidential scoping call.
Speak to a forensic investigator about your Pretoria matter
Confidential, no-obligation scoping call. Whether it is a compliance question, an active incident or a matter heading to court, we will tell you exactly how we would approach it
Da Vinci Forensics also serves businesses in Cape Town , Nelspruit, and Johannesburg.