
January 28, 2024
Jacques Malan Director, FACTS Consulting
• Director of FACTS Consulting
• B Eng. (Electronic Engineering)
• ENCE (EnCase Certified Forensic Examiner)
• GREM (GIAC Certified Reverse Engineering Malware)
• GCFA (GIAC Certified Forensics Analyst)
• GCIH (GIAC Certified Incident Handler)
• GCFE (GIAC Certified Forensic Examiner)
• GMOB (GIAC Certified Mobile Security Analyst)
• GPEN (GIAC Certified Penetration Tester)
• GCTI (GIAC Certified Threat Intelligence analyst)
Jacques started FACTS Consulting in 2004 as a computer forensic and information security service provider. Jacques is the team lead of the software development and cyber forensic business. He has also been responsible for prototyping next-generation software features for the Skynet and other investigation solutions, including the development of AI capabilities since 2021 for FACTS and their clients.
Jacques obtained his BEng (Electronic Engineering) degree from the University of Pretoria and went on to specialise as a security analyst, obtaining his Certified Information Systems Security Professional (CISSP) qualification. Having undergone cyber forensics training in the United States of America (USA), he obtained further qualifications as an EnCase forensic examiner (ENCE) and a Certified Information Systems Auditor (CISA). He also completed his GREM (GIAC Reverse Engineering Malware), GCFA (GIAC Certified Forensic Analyst), GCIH (GIAC Certified Incident Handler), GMOB (GIAC Certified Mobile Security Analyst), GPEN (GIAC Certified Penetration Tester) and GCTI (GIAC Certified Threat Intelligence Analyst) certifications.
As a recognised cyber forensic investigations expert, Jacques has extensive experience investigating high-tech crimes committed through the use of technology. Over the years he has provided crucial technical support and know-how to a number of law enforcement agencies and has strategically guided a number of government departments. Jacques worked as an engineer, developer and information security expert in the public and private sector, including Fortune 100 companies, DOD and intelligence agencies. Jacques has also worked in the public and private sector arena as an information security expert. Working in this field has greatly aided Jacques in the cyber forensic investigation process.
Jacques has also assisted in the development, review and management of a number of software development projects for a number of organisations. Based on his experience of information security, cyber forensics and extensive experience in various programming languages, Jacques is able to effectively streamline processes, and optimally apply the available technology. Jacques has received extensive forensic and incident handling (hacking related) and high-tech crime investigation training in the US as well as Europe and is part of an international advisory board of experts to assist the community in the field of information security and cyber forensics.
Jacques is one of a few Open Text Forensic Software EnScript programmers in the world developing complex forensic image data extraction and normalisation, and he contributes forensic applications to the community on a yearly basis. Some of the major projects performed by Jacques include:
• Development of satellite communications systems (from hardware development to software system integration) as well as smaller commercial projects in fields such as bio-engineering. Design tools used include Keil-C embedded controller software, Xilinx CPLD and FPGA software as well as C++, C++Builder and Delphi software packages.
• Part of a team of two engineers that developed a SCPC multi-channel satellite receiver system which included a real time software control shell developed in C++Builder under Windows NT.
• RF test and verification projects for commercial applications where problems were encountered in the industrialisation of the devices.
• Development of a programmable electro-stimulation prototype for pain relief due to injuries or post-surgical effects.
• Jacques was part of a team that developed a DCME system for satellite communications.
• Jacques has experience in the following PC software skills: C++, C++Builder, C, Delphi, Java, Web development (C#, Silverlight, .NET), Linux/FreeBSD, Oracle, SQL, MySQL, DOS, Windows 95, 98, NT, 2000, XP, Vista, 7, Win8, Visual Studio development environments 2005-2017, open source and commercial forensic software related tools, and various scripting languages such as Python and Perl.
• He was a consultant to the structuring and software development of a new Music Education Program for schools. This entailed structuring of the program, handling of sound engineering aspects and software development, using Delphi and C++Builder.
• Manager of a charitable company (GETA) for the development of electronic speech aids for the CAAC (Centre for Alternative and Augmented Communication) at the University of Pretoria.
• Director of a company (Bella Peripherals) doing computer sales and network support for Windows 95/98/NT/2000. The work entailed computer sales, after sales service as well as hardware and software support. This also included basic network setup and administration under all Windows environments.
• Security Analyst at CSIR Safety and security centre focusing on governmental technology support and IT security analysis and implementation. It entailed internal as well as external penetration testing of governmental and private networks. This included a contract with Price Waterhouse Coopers to do risk assessments or IT Security audits for their global clients. Assisting in the secure design and implementation of IT hardware and software systems including customised operating systems, applications and network solutions.
• Security evaluations of ICT solutions based on the ISO 15408 (Common Criteria) specification as well as BS 17799. This included software solution and code reviews.
• Supporting governmental agencies including the Department of Defence in the writing of their IT security policy.
• Security related training of key network personnel in the DOD and other departments of South African government.
• Technical management and mentoring of a security analyst team at the CSIR information warfare group.
• As a development engineer within the IW (information warfare) group, his daily responsibilities also included designing next-generation security solutions for ICT systems and the use of low-level hardware and machine language to develop secure network devices.
• Quick reaction support countrywide, giving technical support in the full process of cyber forensics investigations. The processes included pre investigation planning, search and seizure, analysis, data recovery as well as expert testimony when needed.
• Responsible for developing and presenting a two-week workshop in the field of cyber forensics. To date 3 courses have been successfully presented.
• Responsible for developing and presenting a cyber-forensic first responder training module which was presented countrywide.
• Co-presenter of a cyber-investigation certification course at the University of Pretoria.
• Research into new technologies and trends in the field of high-tech crime and giving guidance to government on technological strategic decisions.
During his time at the CSIR he was the technical contact person for the G24 international incident response drive.
• Development of cyber forensic methodology for the DSO (Directorate of Special Operations) as well as development and presentation of the first responder national training week.
• Development and presentation of cyber forensic first responder training which was presented to law enforcement on a national basis.
• Assisting in the secure design and implementation of ICT systems ranging from operating systems to network solutions.
• Business development in the IT security service arena to new clients and technology avenues.
• Supporting governmental agencies including the Department of Defence in the writing of their IT security policy.
• Research into new cutting-edge ICT related technologies and prediction of short term as well as long term implications of these technologies. This included various communication system architectures such as GSM.
• Responsible for the specification and implementation of several information security labs as well as various secure forensic labs for government as well as for Deloitte and Touché South Africa.
• Leader and principal cyber forensic expert witness for the South African Deloitte and Touché Cyber forensic investigation unit.
• Responsible for the development of a business intelligence process automation software system for Deloitte as well as other clients.
• Using the EnCase EnScript engine, he automated many of the cyber forensic investigation processes, dramatically reducing process running time and the possibility of errors.
• Cyber Forensics specialist, supporting organisations such as the Scorpions in forensic investigation as well as technical team leader of the CSIR FACTS forensics team.
• As part of his cyber forensic responsibilities he was required to reverse engineer software applications such as malware and keyboard loggers to extract forensic evidence from the software or to track the origin of the software under investigation.
• As the technical and group leader of the national cyber forensic unit of Deloitte and Touché many custom software solutions were developed including a web-based case management system as well as process automation tools.
• Since leaving Deloitte in 2007 and becoming a director at FACTS Consulting, he and his team have been assisting in software IP disputes in the telecommunications, health and travel industry of single and multitier systems ranging from R 1 million to R 2 billion and have been required to do detailed technical code and system reviews.
• Jacques was the technical lead in assisting Deloitte in establishing a financial intelligence unit for the Tanzanian government. In this project, he was required to plan, roll out and assist in training the anti-money laundering unit of Tanzania and was responsible for specifying and evaluating hardware and software solutions which would be best suited for the local environment.
• Jacques has also been involved in tender reviews on behalf of the SIU (Special Investigating Unit) in support of identifying tender irregularities by reviewing the IT solutions presented by vendors and assessing the technical scores given by the technical teams. This included reviews of the implementation of systems and in some cases the software development life cycles followed in relation to international standards such as the IT risk control standards published by ISACA. In this context, Jacques has reviewed hardware and software solutions delivered to government institutions in the telecommunications, HR, health, business intelligence and fraud detection arenas, to name a few.
• The IT solutions on which technical reviews were done ranged in value from R 150 000 to R 16 billion and ranged in size and complexity accordingly.
• Jacques and the FACTS team have also developed a web-based timesheet management system as well as assisted clients in customising or updating custom software solutions not developed in house.
• Various cutting-edge forensic software tools have been developed by Jacques and his team in support of complex forensic code review processes and other specialist requirements where commercial tools fall short of what is needed. A significant project designed and developed by Jacques and FACTS is SKYNET, an enterprise-scale investigation portal and eDiscovery platform which has been used in large investigations since 2015.
• As part of the State Capture Commission Digital Forensic Team he was tasked to assist in structuring, mining and visualising big data forensic data sets as well as the extraction of evidence from forensic images. Part of his responsibility was creating open source based processes to structure and interrogate forensic evidence, and for this purpose he built a generic evidence ingestion engine (JARVIS) which allows the analyst to see and interrogate all data types such as financial, phone evidence (calls, messages, locations, Wi-Fi connections), email and any other temporal data in a timeline-based visual environment.
As one of South Africa’s most qualified and well-known experts in cyber forensic investigations, Jacques Malan has built his career around investigating tech or high-profile crimes. After working as an information security analyst for organisations including the CSIR (Council for Scientific and Industrial Research). As the company’s director, he has grown FACTS into one of the country’s top forensic technology consulting firms, developing cutting-edge solutions to assist organisations in large-scale fraud and cybercrime investigations.
Jacques has a Bachelor of Electronic Engineering from the University of Pretoria, and is also a Certified Information Systems Security Professional, Open Text EnCase Forensic Examiner, Information Systems Auditor, Forensic Analyst, Incident Handler, Mobile Security Analyst and Penetration Tester. He has received extensive training in forensics, incident handling and high-tech crime investigation in both the USA and Europe.
Today, Jacques continues to conduct research into new ICT technologies and trends, predicting their long- and short-term implications. He also serves on an international board of advisory experts; designs and delivers training modules and certification courses in cyber forensics; and annually contributes forensic applications to the Open Text Forensic Software EnScript Programmers community.