UNIVERSITY OF SOUTH AFRICA
College of Law
⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄⋄
FOR3701: Forensic Investigation
Assessment 02 — Semester 1, 2026
⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄⋄
FOR3701
Module Code:
Forensic Investigation
Module Name:
Assessment 02
Assessment:
02
Assignment Number:
298986
Unique Number:
02 April 2026
Due Date:
50
Total Marks:
Submitted in partial fulfilment of the requirements for FOR3701 — UNISA 2026
,UNISA | FOR3701 Assessment 02 — Semester 1, 2026
Question 1: Forensic Science Laboratory Assistance and Management Principles
1.1 How the Forensic Science Laboratory Could Assist
The Forensic Science Laboratory (FSL) is a critical partner to any investigating team deal-
ing with physical and digital evidence, and in the UbuntuTel case it could contribute across
several distinct areas of examination.1
First, the FSL could conduct cable and tool mark examination. The severed fibre cables recov-
ered at the sabotaged tower sites should be submitted to the FSL for physical examination.
Forensic scientists can establish whether the cables were cut by a specific tool, such as a
cable cutter or industrial shears, and can compare tool marks left on the cables against tools
seized from the suspect’s vehicle, workplace, or residence. A match would create a direct
evidential link between the suspect and the physical act of sabotage.2
Second, the FSL could carry out fingerprint and trace evidence analysis. Tower infrastructure,
removed routers, and the SIM-based modems that were taken from the sites should be ex-
amined for latent fingerprints and DNA. Touch DNA recovered from surfaces that would have
required handling during the tampering can be compared against a reference sample from
the suspect. Trace evidence, such as fibres, soil, or paint transfers, may also link the suspect
to the specific sites.3
Third, digital forensic examination of the reconfigured routers and any electronic devices
linked to the suspect would assist in establishing who issued the reconfiguration commands,
when those commands were issued, and whether any remote access sessions originated
from devices attributable to the suspect. The FSL’s digital forensic unit can extract logs, com-
mand histories, and network artefacts from the routers that may survive even after a reconfig-
uration attempt.4
Fourth, the FSL could conduct document examination and mobile data analysis. The What-
sApp messages retrieved during the investigation should be examined for authenticity and
metadata; the FSL’s digital unit can confirm whether the messages were generated by the
device attributed to the suspect and that they have not been altered. Cell phone data, once
obtained through the correct legal process, can be overlaid with tower logs to produce a ge-
1
Joubert J et al Applied Criminal Justice in the Criminal Justice System (LexisNexis 2019) 211.
2
Van der Westhuizen J Forensic Criminalistics 4th ed (Heinemann 2016) 68.
3
Joubert (n 1) 215.
4
Kruse WG and Heiser JG Computer Forensics: Incident Response Essentials (Addison-Wesley 2002) 9.
Page 2 of 17
, UNISA | FOR3701 Assessment 02 — Semester 1, 2026
olocation picture placing the suspect at or near each sabotage site.5
Fifth, the FSL could assist with vehicle trace examination. The CCTV footage captured the
suspect’s vehicle near a tower on the night of damage. If the vehicle is seized, the FSL can
examine it for physical traces consistent with visits to the tower sites, including soil from the
site, cable fragments, or router components.6
Sixth, expert testimony from FSL scientists will be needed at any subsequent criminal or
disciplinary proceeding to explain the scientific methodology and conclusions to the court or
tribunal in terms that meet the requirements for admissible expert opinion evidence.7
1.2 Two Management Principles Applicable to this Investigation
Principle 1: The Principle of Command and Control
Every investigation requires a clearly identified person who bears ultimate responsibility for
all decisions, resource allocations, and the integrity of the investigation plan.8 In the Ubuntu-
Tel investigation, the lead investigator must establish a defined chain of command from the
outset: team members should report through specific lines, no investigative action should
be taken without authorisation from the lead, and all instructions must be documented. This
is especially important where the sabotage is suspected to be an inside job, since uncon-
trolled access to the investigation by persons within UbuntuTel risks evidence compromise
and leaks to the suspect. The chain of command also ensures that the investigation is legally
defensible and that the rights of the suspect, including the right to be informed of the investi-
gation in accordance with section 35 of the Constitution, are properly managed.9
Principle 2: The Principle of Confidentiality
Given that the case involves an insider threat, confidentiality is a non-negotiable management
principle.10 Information about the investigation, the suspect, the evidence gathered, and the
investigative strategy must be restricted to those with a direct operational need. In the Ubun-
tuTel context, sharing details of the investigation widely within the company creates the risk
5
Geldenhuys K ‘Cellphone Evidence: Digital DNA’ (2017) Servamus 16.
6
Van der Westhuizen (n 2) 89.
7
Constitution of the Republic of South Africa, 1996, s 35(3)(i); S v Mkohle 1990 (1) SACR 95 (A).
8
Joubert (n 1) 44.
9
Constitution of the Republic of South Africa, 1996, s 35.
10
Joubert (n 1) 47.
Page 3 of 17
College of Law
⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄⋄
FOR3701: Forensic Investigation
Assessment 02 — Semester 1, 2026
⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄⋄
FOR3701
Module Code:
Forensic Investigation
Module Name:
Assessment 02
Assessment:
02
Assignment Number:
298986
Unique Number:
02 April 2026
Due Date:
50
Total Marks:
Submitted in partial fulfilment of the requirements for FOR3701 — UNISA 2026
,UNISA | FOR3701 Assessment 02 — Semester 1, 2026
Question 1: Forensic Science Laboratory Assistance and Management Principles
1.1 How the Forensic Science Laboratory Could Assist
The Forensic Science Laboratory (FSL) is a critical partner to any investigating team deal-
ing with physical and digital evidence, and in the UbuntuTel case it could contribute across
several distinct areas of examination.1
First, the FSL could conduct cable and tool mark examination. The severed fibre cables recov-
ered at the sabotaged tower sites should be submitted to the FSL for physical examination.
Forensic scientists can establish whether the cables were cut by a specific tool, such as a
cable cutter or industrial shears, and can compare tool marks left on the cables against tools
seized from the suspect’s vehicle, workplace, or residence. A match would create a direct
evidential link between the suspect and the physical act of sabotage.2
Second, the FSL could carry out fingerprint and trace evidence analysis. Tower infrastructure,
removed routers, and the SIM-based modems that were taken from the sites should be ex-
amined for latent fingerprints and DNA. Touch DNA recovered from surfaces that would have
required handling during the tampering can be compared against a reference sample from
the suspect. Trace evidence, such as fibres, soil, or paint transfers, may also link the suspect
to the specific sites.3
Third, digital forensic examination of the reconfigured routers and any electronic devices
linked to the suspect would assist in establishing who issued the reconfiguration commands,
when those commands were issued, and whether any remote access sessions originated
from devices attributable to the suspect. The FSL’s digital forensic unit can extract logs, com-
mand histories, and network artefacts from the routers that may survive even after a reconfig-
uration attempt.4
Fourth, the FSL could conduct document examination and mobile data analysis. The What-
sApp messages retrieved during the investigation should be examined for authenticity and
metadata; the FSL’s digital unit can confirm whether the messages were generated by the
device attributed to the suspect and that they have not been altered. Cell phone data, once
obtained through the correct legal process, can be overlaid with tower logs to produce a ge-
1
Joubert J et al Applied Criminal Justice in the Criminal Justice System (LexisNexis 2019) 211.
2
Van der Westhuizen J Forensic Criminalistics 4th ed (Heinemann 2016) 68.
3
Joubert (n 1) 215.
4
Kruse WG and Heiser JG Computer Forensics: Incident Response Essentials (Addison-Wesley 2002) 9.
Page 2 of 17
, UNISA | FOR3701 Assessment 02 — Semester 1, 2026
olocation picture placing the suspect at or near each sabotage site.5
Fifth, the FSL could assist with vehicle trace examination. The CCTV footage captured the
suspect’s vehicle near a tower on the night of damage. If the vehicle is seized, the FSL can
examine it for physical traces consistent with visits to the tower sites, including soil from the
site, cable fragments, or router components.6
Sixth, expert testimony from FSL scientists will be needed at any subsequent criminal or
disciplinary proceeding to explain the scientific methodology and conclusions to the court or
tribunal in terms that meet the requirements for admissible expert opinion evidence.7
1.2 Two Management Principles Applicable to this Investigation
Principle 1: The Principle of Command and Control
Every investigation requires a clearly identified person who bears ultimate responsibility for
all decisions, resource allocations, and the integrity of the investigation plan.8 In the Ubuntu-
Tel investigation, the lead investigator must establish a defined chain of command from the
outset: team members should report through specific lines, no investigative action should
be taken without authorisation from the lead, and all instructions must be documented. This
is especially important where the sabotage is suspected to be an inside job, since uncon-
trolled access to the investigation by persons within UbuntuTel risks evidence compromise
and leaks to the suspect. The chain of command also ensures that the investigation is legally
defensible and that the rights of the suspect, including the right to be informed of the investi-
gation in accordance with section 35 of the Constitution, are properly managed.9
Principle 2: The Principle of Confidentiality
Given that the case involves an insider threat, confidentiality is a non-negotiable management
principle.10 Information about the investigation, the suspect, the evidence gathered, and the
investigative strategy must be restricted to those with a direct operational need. In the Ubun-
tuTel context, sharing details of the investigation widely within the company creates the risk
5
Geldenhuys K ‘Cellphone Evidence: Digital DNA’ (2017) Servamus 16.
6
Van der Westhuizen (n 2) 89.
7
Constitution of the Republic of South Africa, 1996, s 35(3)(i); S v Mkohle 1990 (1) SACR 95 (A).
8
Joubert (n 1) 44.
9
Constitution of the Republic of South Africa, 1996, s 35.
10
Joubert (n 1) 47.
Page 3 of 17
