Evidence that holds up in court. Intelligence that holds up in front of a judge.
Digital forensics and open-source intelligence are the foundation of DataExpert. We acquire and preserve evidence to courtroom standard across mobile, computer, cloud, image, and video sources — and we run OSINT collection workflows that produce intelligence law enforcement and counsel can rely on. Independent, vendor-agnostic, and led by certified practitioners.
Digital forensics is the discipline of acquiring, preserving, and analysing digital evidence in a way that survives challenge. Our forensics practice covers mobile devices, computers and servers, cloud accounts, network captures, and image and video evidence. We work with the leading tooling — Cellebrite UFED, OpenText EnCase, Magnet AXIOM, Oxygen, Amped — and we maintain chain-of-custody documentation at every step.
Our OSINT practice supports investigations that need to surface what is already public — about a subject, a network, a corporate structure, or an event — without alerting anyone that the work is being done. We use Maltego, custom collection tooling, and structured tradecraft to produce intelligence reports that integrate cleanly with formal investigation case files.
We work on both sides of the investigation: on instruction from law enforcement and regulators, and as expert consultants supporting corporate-investigation teams. Across both, our deliverables — evidence packages, forensic reports, OSINT briefings — are written to be defensible in formal proceedings and to integrate with whatever case-management system you operate.
Forensics and OSINT also feed our other services. The same practitioners who acquire evidence during a breach lead our incident-response investigations. The same OSINT analysts who run subject research support our cryptocurrency-tracing investigations. Bringing both capabilities under one roof means investigations move faster and conclusions are better supported.
Tell us what you're working on. A senior DataExpert operator will be in touch within one business day.
Digital forensics is the scientific discipline of identifying, acquiring, preserving, analysing, and reporting on digital evidence in a manner that satisfies legal, regulatory, or internal-investigation requirements. The practice covers a wide range of data sources — mobile devices, computers, servers, cloud accounts, network traffic, image and video — and applies a common standard of documentation and chain of custody across all of them.
Our forensics practice is aligned with ISO/IEC 27037 (digital-evidence identification, collection, acquisition and preservation) and the wider ISO/IEC 27000 family of standards. We document chain of custody, hash-verify every acquisition, and produce reports that meet the evidential standards of European courts. [VERIFY: any current accreditation references to publish]
We are certified across the major forensics platforms — Cellebrite UFED and Premium, OpenText EnCase, Magnet AXIOM, Oxygen Forensics, Amped Authenticate and FIVE, and Exterro FTK among others. Tool choice depends on the case: device population, jurisdiction, time pressure, and the legal posture of the investigation. We will recommend the right combination during scoping. [VERIFY: full current certification list]
Yes — mobile is one of our core forensics specialisations. We have current Cellebrite certifications and run a fully equipped mobile-acquisition lab in the Netherlands. We support both logical and physical acquisitions, including newer iOS and Android device models, and we can perform on-site acquisitions for time-critical or sensitive cases.
Open-source intelligence — OSINT — is intelligence collected from publicly available sources. We use OSINT in investigations where subject background, corporate-structure mapping, network relationships, or event reconstruction needs to be built up from public sources. OSINT is non-intrusive — done properly, the subject of an investigation does not know it is happening. We combine custom collection workflows, Maltego, and structured analyst tradecraft.
Yes. Our forensics reports are written to meet the evidential standards of European courts and are routinely used in criminal, civil, and regulatory proceedings. Our practitioners can also give expert-witness testimony where required. We work to the documentation standards expected by national-police digital-evidence units. [VERIFY: number of cases where DataExpert practitioners have given expert-witness testimony]
Yes. A meaningful share of our forensics and OSINT work is delivered on instruction from European law-enforcement and regulatory bodies, including the Dutch National Police. We are practised at the protocols and confidentiality regimes those engagements demand, and our practitioners have the security clearances expected of contractors operating in that environment. [VERIFY: specific clearances/levels to publish]
Both. For some clients we run the full investigation end to end — acquisition, analysis, reporting, and testimony. For others we extend the capacity of an existing internal investigations team. The right shape depends on your in-house capability and the sensitivity of the matter. We will scope honestly in either direction.
Get in touch — we’ll route your case to the operators who have done this kind of work before.
or call +31 (0)318 543173