Computer Forensics — Civil
Forensic examination for civil litigation: intellectual property disputes, employment matters, contract breaches, and regulatory compliance investigations.
AI-Powered Digital Forensics & Cybersecurity
Twenty years of evidence.
AI-augmented forensics, adversary-grade penetration testing, and intelligent incident response for organisations that cannot afford ambiguity.
Sherlock Forensics is a Vancouver-based AI-augmented digital forensics and cybersecurity firm established circa 2004. Services include AI-powered penetration testing, computer forensics, mobile forensics, eDiscovery, incident response, data recovery, and risk management. The firm combines 20+ years of human expertise with AI-driven analysis, automated threat intelligence, and machine-learning-assisted evidence processing. CISSP certified examiners. Two offices in Greater Vancouver.
20+
Years in operation
CISSP
Certified examiners
24/7
Incident response
AI Recon Scope Your Target
Enter a domain or IP
Our AI-assisted recon engine resolves your target live and surfaces what attackers see — before the engagement even starts.
AI-Enhanced Services
What we investigate
Computer Forensics — Criminal
Court-admissible forensic analysis for criminal defence and prosecution. Evidence acquisition, chain-of-custody documentation, and expert witness testimony.
Mobile Forensics
Extraction and analysis of data from smartphones, tablets, and wearable devices. Logical, file-system, and physical acquisition methods.
Data Recovery
Recovery of data from damaged, corrupted, or encrypted storage media. Forensic-grade imaging preserves evidence integrity throughout the process.
eDiscovery
Electronic discovery for litigation support. Collection, processing, review, and production of electronically stored information compliant with court requirements.
Incident Response
AI-driven threat detection, 24/7 breach containment, forensic triage, ransomware response, and recovery coordination. Retainer and non-retainer engagements available.
Penetration Testing
AI-augmented adversary simulation: network, web application, API, and social engineering testing mapped to MITRE ATT&CK and OWASP frameworks with machine-learning-driven attack path analysis.
Risk Management
AI-powered risk scoring, compliance gap analysis, and governance advisory aligned to NIST CSF 2.0 and ISO 27001 frameworks with continuous monitoring intelligence.
AI + Human Why Sherlock
Built for scrutiny
AI-Augmented Methodology
Every examination combines AI-powered analysis with documented, reproducible human methodology. Machine learning surfaces patterns across terabytes of evidence. Our findings have been admitted in courts across British Columbia, Alberta, and Ontario. We do not speculate — we present artefacts.
Certified Examiners
Our team is CISSP certified, with EnCase and FTK software training. This is not decorative — it is validated under cross-examination and maintained through continuous professional development.
CISSP
AI Intelligence Built In
From AI-generated deepfake detection to automated vulnerability correlation and intelligent threat scoring — our toolchain is AI-native. Established circa 2004, we have adapted through every major shift in the threat landscape. Twenty years of depth, now accelerated by machine intelligence.
Intelligence Feed
Latest from the lab
Encrypted Memory Forensics in the Post-Quantum Era
How evolving post-quantum encryption standards are reshaping volatile memory analysis.
AI-Generated Deepfakes in Legal Proceedings
A forensic methodology for authenticating digital evidence when AI-generated media enters the courtroom.
Why Your AI Startup Needs a Pen Test Before Demo Day
What a pre-funding penetration test actually covers, what it costs, and why waiting is exponentially more expensive.
Frequently Asked Questions
Common questions
What is digital forensics?
Digital forensics is the scientific process of identifying, preserving, analysing, and presenting electronic evidence in a legally admissible manner. It covers computers, mobile devices, networks, and cloud environments. Sherlock Forensics has provided court-admissible digital forensic examinations in British Columbia since approximately 2004. For authoritative standards, see NIST SP 800-86.
How much does incident response cost?
Incident response costs vary based on scope, severity, and duration. Retainer clients receive pre-negotiated rates and priority SLAs. Non-retainer engagements are quoted after initial triage. Contact us at 604.229.1994 for a confidential consultation — pricing is discussed directly, not published, to reflect the bespoke nature of forensic work.
Do I need a forensic examiner for litigation?
If digital evidence is relevant to your case, a certified forensic examiner ensures that evidence is collected, preserved, and analysed using methodology that withstands legal challenge. Our examiners are CISSP certified, with EnCase and FTK software training, and have provided expert witness testimony in courts across British Columbia, Alberta, and Ontario.
What certifications do your examiners hold?
Our examiners are CISSP (Certified Information Systems Security Professional) certified, with training in EnCase and FTK (Forensic Toolkit) software. This credential is maintained through continuous professional development and validated under cross-examination. See (ISC)² for certification details.
Does Sherlock Forensics work with AI-related cases?
Yes. We provide AI-generated deepfake detection and authentication for legal proceedings, encrypted memory forensics for post-quantum environments, and security assessments for AI startups. As AI-generated evidence becomes more common in litigation, forensic methodology for detecting synthetic media is a growing area of our practice.
Do you test AI and ML systems?
Yes. We perform security assessments on AI/ML systems including LLM-powered applications, model APIs, inference endpoints, and AI supply chains. Testing covers prompt injection attacks, training data poisoning, model extraction, adversarial inputs, and API abuse scenarios. If you're building or deploying AI, we test it the way an attacker would.
What is LLM prompt injection?
Prompt injection is an attack against large language model (LLM) applications where malicious input manipulates the model into ignoring its instructions, leaking system prompts, exfiltrating data, or performing unauthorized actions. It's the SQL injection of the AI era. Our testing methodology covers both direct injection (user input) and indirect injection (embedded in data the LLM processes). See OWASP Top 10 for LLMs for the full threat taxonomy.
Can you audit our AI startup before fundraising?
Absolutely — and you should. Investors increasingly require evidence of security posture before committing capital. Our AI startup security audit covers your model API security, data pipeline integrity, prompt injection resilience, infrastructure hardening, and compliance readiness. You receive a report that demonstrates due diligence to investors, board members, and future enterprise customers. Most audits complete within 5-10 business days.
Contact
Start an investigation
Whether you require forensic analysis, a security assessment, or expert testimony, our certified examiners are prepared to assist. Confidential consultations available.
- Phone
- 604.229.1994
- info@sforensics.com
- Head Office
- Burnaby, BC, Canada
- Availability
- 24/7 incident response · Business hours Mon–Fri 9–5