![[background image] image of an innovation lab (for an ai developer tools).](https://cdn.prod.website-files.com/69bc99d0abcfdb08ef02fac1/6a0a6ac29f499ed74e791e25_faq.webp)
Find answers to the most common questions we get asked on digital forensics, investigations, technical surveillance counter-measures and corporate insider cyber risks
An internal investigation examines allegations such as workplace misconduct, fraud, policy violations, conflicts of interest, harassment, or unauthorized activities within an organization. These investigations typically involve interviews, document review, timeline reconstruction, and fact-finding to support informed management, HR, or legal decisions.A digital forensic investigation focuses specifically on electronic evidence. This may include the forensic collection and analysis of computers, mobile devices, email systems, cloud accounts, or network activity to identify data theft, unauthorized access, insider threats, or evidence relevant to litigation or regulatory matters.In many cases, both approaches are combined to establish a complete and defensible understanding of an incident.
Investigation timelines depend on the nature, urgency, and complexity of the matter. In sensitive situations involving potential evidence loss, insider activity, data exfiltration, or active misconduct, rapid intervention is critical.Initial consultations and case assessments can typically be arranged promptly. Immediate preservation measures may also be implemented to help protect relevant digital evidence and maintain evidentiary integrity.For complex corporate, forensic, or surveillance-related matters, a structured scope and engagement plan is established before investigative activities begin to ensure confidentiality, legal defensibility, and operational discretion.
Digital forensics is the process of identifying, preserving, analyzing, and documenting electronic evidence in a legally defensible manner. It is commonly used in cases involving workplace misconduct, insider threats, fraud, unauthorized access, data theft, cyber incidents, and litigation support.The objective of a forensic investigation is not only to recover information, but also to establish reliable findings supported by documented methodology, evidence integrity, and detailed reporting.Digital forensic investigations may support internal corporate matters, legal proceedings, regulatory reviews, or incident response activities.
Digital forensic analysis can involve a wide range of electronic systems and storage media, including: Desktop and laptop computers, Mobile phones and tablets, External storage devices and USB media, Email accounts and messaging platforms, Cloud storage environments, Network logs and connected systems, Corporate servers and business workstations. The scope of analysis depends on the objectives of the investigation, the available evidence, and applicable legal or organizational considerations.
In certain circumstances, deleted files, communications, and system artifacts may be recoverable through forensic analysis. Recovery success depends on several factors, including the type of device, elapsed time, storage activity after deletion, encryption, and system configuration. Even when files are no longer directly accessible, forensic examination can sometimes identify traces of activity, metadata, timelines, user actions, or indicators of data transfer and destruction.Because digital evidence can change rapidly, early preservation of affected systems is strongly recommended.
Digital evidence must be collected and preserved using controlled forensic procedures designed to maintain integrity, authenticity, and traceability.This typically includes: forensic imaging or targeted acquisition, documentation of collection procedures, chain-of-custody tracking, secure evidence storage, and verification methods to confirm evidence integrity. Improper handling of digital evidence can compromise investigative findings and may affect legal or regulatory defensibility. For this reason, preservation activities should begin as early as possible following the identification of a potential incident or dispute.
At this time, full-scale ransomware response, active incident containment, and managed cyber incident response services are not part of our operational offering. However, depending on the circumstances, we may assist organizations with limited post-incident forensic support related to evidence preservation, digital evidence review, internal investigative support, or documentation relevant to legal, regulatory, or workplace matters. Organizations experiencing an active cyberattack or operational disruption should engage a dedicated incident response provider immediately to contain threats, restore operations, and coordinate technical remediation.
Chain of custody refers to the documented process used to track the handling, transfer, preservation, and storage of digital evidence throughout an investigation. Its purpose is to demonstrate that evidence has remained intact, controlled, and unaltered from the time it was collected through analysis and reporting. Proper chain-of-custody procedures are essential in matters involving litigation, regulatory review, workplace investigations, or potential disciplinary proceedings. This process typically includes:documented evidence collection, identification of individuals handling the evidence, secure storage procedures, timestamped transfer records, and integrity verification methods. Maintaining evidentiary integrity is a critical component of any defensible forensic process.
Yes. Digital forensic and investigative support may be provided in matters involving litigation, employment disputes, internal investigations, regulatory concerns, or electronic evidence review. Support services can include: forensic preservation of digital evidence, device and data analysis, timeline reconstruction, documentation of findings, and technical clarification of digital evidence. Services are structured to support legal counsel while maintaining discretion, evidentiary integrity, and professional investigative standards. The scope of engagement is defined according to the legal, organizational, and procedural requirements of each matter.
A Technical Surveillance Countermeasure (TSCM) inspection is a specialized security examination conducted to identify unauthorized surveillance devices, covert monitoring systems, hidden wireless transmissions, or suspicious technical activity within a physical environment.TSCM inspections may involve the detection of: hidden cameras, covert microphones, unauthorized wireless devices, rogue Wi-Fi access points, suspicious radio frequency activity, and other forms of technical surveillance or unauthorized monitoring. These inspections are commonly requested in situations involving corporate sensitivity, executive protection, confidential negotiations, insider concerns, workplace disputes, or suspected privacy compromise.
Indicators of potential surveillance or unauthorized monitoring can vary depending on the situation. Common concerns may include: unexplained disclosure of confidential information, unusual device or network activity, unknown wireless signals, repeated operational leaks, suspicious modifications to workspaces or vehicles, or concerns arising during sensitive corporate or legal matters. In many cases, there may be no obvious visible signs. A professional assessment helps determine whether technical indicators or environmental anomalies warrant further examination. Because each situation is unique, evaluations are conducted discreetly and based on the operational context and risk profile involved.
Depending on the environment and inspection scope, TSCM examinations may identify:
hidden cameras,c overt audio transmitters, unauthorized wireless access points, Bluetooth-enabled surveillance devices, rogue cellular devices, GPS tracking devices, concealed recording equipment, and suspicious radio frequency emissions. Detection capabilities depend on several factors, including device sophistication, environmental conditions, signal activity, physical access limitations, and inspection scope. TSCM inspections are designed to reduce technical exposure risks while supporting confidentiality and operational security.
Yes. Wireless environment assessments and rogue network detection may form part of a broader TSCM or technical security inspection. This can include identifying: unauthorized Wi-Fi networks, rogue access points, suspicious wireless devices, unknown Bluetooth activity, unexpected radio frequency transmissions, and insecure or improperly configured wireless infrastructure. These assessments help organizations better understand potential exposure risks within sensitive environments and identify unauthorized or unmanaged wireless activity that could affect confidentiality or operational security.
Yes. Services may be provided to executives, professionals, organizations, and individuals operating in sensitive, high-confidentiality, or elevated-risk environments. This can include matters involving: corporate disputes, confidential business negotiations, internal misconduct concerns, legal or regulatory exposure, reputational risk,or suspected unauthorized monitoring or information leakage. Engagements are conducted with a strong emphasis on discretion, confidentiality, and operational professionalism. Depending on the nature of the matter, services may also be coordinated with legal counsel, corporate leadership, or external advisors where appropriate.
Yes. Cyber and privacy risk assessments may be conducted for executives, professionals, and individuals operating in sensitive or elevated-risk environments where confidentiality, reputation, and information security are critical concerns. These assessments are designed to identify potential exposure risks related to:personal and professional digital footprints, unauthorized information exposure, insecure communications, privacy vulnerabilities, wireless and device-related risks, executive travel considerations, and broader operational security concerns.Depending on the scope of engagement, assessments may include a review of digital exposure, communication practices, device hygiene, account security, wireless environments, and risks associated with targeted surveillance, social engineering, or information leakage.The objective is to provide practical, risk-based recommendations that strengthen privacy, reduce exposure, and improve overall operational security while maintaining discretion and confidentiality.
Typical clients include small and medium-sized businesses, executives, professionals, legal counsel, and organizations requiring discreet investigative, forensic, or technical security services. Engagements commonly involve: workplace misconduct concerns, internal investigations, digital evidence matters, executive privacy and security concerns, confidential corporate disputes,and sensitive operational or reputational risks. Services are tailored to organizations and individuals requiring a structured, professional, and evidence-driven approach.
Yes. Services may be provided directly to law firms or in coordination with external legal counsel in matters involving litigation support, internal investigations, digital evidence, workplace disputes, or regulatory concerns. Collaboration with counsel may include: forensic preservation of electronic evidence,investigative support,technical clarification of findings,timeline reconstruction,and structured reporting relevant to legal proceedings or internal matters.Engagements are conducted with careful attention to confidentiality, evidentiary integrity, and professional standards.
Corporate investigations, workplace investigations, and private investigative activities are conducted within Quebec in accordance with applicable licensing and regulatory requirements governing investigative services. Digital forensic services, evidence analysis, cyber and privacy risk assessments, and certain advisory services may also be provided to clients elsewhere in Canada, depending on the nature and scope of the engagement. Availability may vary based on jurisdictional, legal, and operational considerations associated with the matter involved.
Sensitive client information and digital evidence are handled using controlled procedures designed to support confidentiality, integrity, and secure retention. Depending on the nature of the engagement, protective measures may include: restricted access controls, encrypted storage, secure transfer methods,evidence tracking procedures, documented chain-of-custody practices, and controlled retention and disposal processes. Confidentiality and evidentiary integrity are treated as essential components of all investigative and forensic engagements.
The initial consultation is intended to understand the nature of the matter, identify immediate concerns, and determine whether the requested services align with the scope of the engagement. Discussions may include:the circumstances surrounding the issue, potential evidence sources,operational or legal sensitivities, timelines,and confidentiality considerations. Where appropriate, preliminary guidance may be provided regarding evidence preservation, investigative scope, or next steps. If the matter proceeds, a structured engagement framework and scope definition are established before investigative or forensic activities begin.
Yes. Discretion and confidentiality are fundamental principles of all investigative, forensic, and technical security engagements. Many matters involve sensitive corporate, legal, reputational, or personal concerns requiring controlled communications, limited disclosure, and careful handling of information and evidence.Operational details, investigative findings, and client information are managed in a professional and confidential manner consistent with the nature of the engagement and applicable legal or regulatory obligations.
Pricing depends on the nature, complexity, duration, and scope of the engagement. Certain services may be offered on:
hourly billing, fixed-fee engagements, phased investigative mandates, or assessment-based pricing structures. Factors influencing pricing may include: urgency, number of devices or locations involved, evidentiary complexity, travel requirements, reporting requirements, and the level of technical or investigative resources required. A defined scope of work and fee structure are established prior to the commencement of services whenever possible.
No. Surveillance operations are not part of our service offering at this time. Our work is focused on corporate investigations, workplace-related matters, digital forensics, technical security assessments, and cyber and privacy risk evaluations. Engagements are conducted within a structured professional and evidence-focused framework aligned with corporate, legal, and organizational contexts.
No. We do not provide matrimonial, infidelity, domestic, or child custody investigation services. Our practice is focused on corporate, workplace, forensic, technical security, and privacy-related matters involving organizations, professionals, executives, and legal counsel.
