AI Code Audit
Security review of AI-generated code from Copilot, Claude and ChatGPT. Static analysis, dependency auditing and vulnerability scanning for machine-written codebases.
AI-Powered Digital Forensics & Cybersecurity
Twenty years of evidence.
AI-augmented forensics, adversary-grade penetration testing and intelligent incident response for organizations that need certainty.
20+
Years in operation
CISSP
Certified examiners
24/7
Incident response
AI Recon Scope Your Target
Enter a domain or IP
Our AI-assisted recon engine resolves your target live and surfaces what attackers see - before the engagement even starts.
AI-Enhanced Services
What we investigate
Vibe Coding Security
Security assessment for vibe-coded applications built with AI assistants. Identify injection flaws, broken authentication and insecure defaults before production deployment.
Computer Forensics - Civil
Forensic examination for civil litigation: intellectual property disputes, employment matters, contract breaches and regulatory compliance investigations.
Computer Forensics - Criminal
Court-admissible forensic analysis for criminal defence and prosecution. Evidence acquisition, chain-of-custody documentation and expert witness testimony.
Mobile Forensics
Extraction and analysis of data from smartphones, tablets and wearable devices. Logical, file-system and physical acquisition methods.
Data Recovery
Recovery of data from damaged, corrupted or encrypted storage media. Forensic-grade imaging preserves evidence integrity throughout the process.
eDiscovery
Electronic discovery for litigation support. Collection, processing, review and production of electronically stored information compliant with court requirements.
Incident Response
AI-driven threat detection, 24/7 breach containment, forensic triage, ransomware response and recovery coordination. Retainer and non-retainer engagements available.
Penetration Testing
AI-augmented adversary simulation: network, web application, API and social engineering testing mapped to MITRE ATT&CK and OWASP frameworks with machine-learning-driven attack path analysis.
Risk Management
AI-powered risk scoring, compliance gap analysis and governance advisory aligned to NIST CSF 2.0 and ISO 27001 frameworks with continuous monitoring intelligence.
Phishing Campaigns
AI-powered social engineering testing. Thousands of templates plus custom red team lures. Track clicks, credentials and reporting rates across your organization.
AI + Human Why Sherlock
Built for scrutiny
AI-Augmented Methods
Every examination combines AI-powered analysis with documented, reproducible human review. Machine learning surfaces patterns across terabytes of evidence. Our findings have been admitted in courts across British Columbia and Newfoundland. We do not speculate. We present artifacts.
Certified Examiners
Our team is CISSP certified, with EnCase and FTK software training. This is not decorative - it is validated under cross-examination and maintained through continuous professional development.
CISSP
AI Intelligence Built In
From AI-generated deepfake detection to automated vulnerability correlation and intelligent threat scoring - our toolchain is AI-native. Established circa 2004, we have adapted through every major shift in the threat landscape. Twenty years of depth, now accelerated by machine intelligence.
Intelligence Feed
Latest from the lab
Claude Mythos Just Changed the Threat Landscape. Is Your Company Ready?
Claude Mythos found thousands of zero-days for under $50. Over 99% remain unpatched. Is your infrastructure next?
Why Your AI Startup Needs a Pen Test Before Demo Day
What a pre-funding penetration test covers, what it costs and why waiting is exponentially more expensive.
AI-Generated Deepfakes in Legal Proceedings
A forensic approach for authenticating digital evidence when AI-generated media enters the courtroom.
Encrypted Memory Forensics in the Post-Quantum Era
How evolving post-quantum encryption standards are reshaping volatile memory analysis.
Frequently Asked Questions
Common questions
What is digital forensics?
Digital forensics is the scientific process of identifying, preserving, analysing and presenting electronic evidence in a legally admissible manner. It covers computers, mobile devices, networks and cloud environments. Sherlock Forensics has provided court-admissible digital forensic examinations in British Columbia since approximately 2004. For authoritative standards, see NIST SP 800-86.
How much does incident response cost?
Incident response costs vary based on scope, severity and duration. Retainer clients get pre-negotiated rates and priority SLAs. Non-retainer engagements are quoted after initial triage. Contact us at 604.229.1994 for a confidential consultation. Pricing is discussed directly because every engagement is different.
Do I need a forensic examiner for litigation?
If digital evidence is relevant to your case, a certified forensic examiner ensures that evidence is collected, preserved and analyzed using methods that hold up in court. Our examiners are CISSP certified with EnCase and FTK training and have provided expert witness testimony in courts across British Columbia and Newfoundland.
What certifications do your examiners hold?
Our examiners are CISSP (Certified Information Systems Security Professional) certified, with training in EnCase and FTK (Forensic Toolkit) software. This credential is maintained through continuous professional development and validated under cross-examination. See (ISC)² for certification details.
Does Sherlock Forensics work with AI-related cases?
Yes. We provide AI-generated deepfake detection for legal proceedings, encrypted memory forensics for post-quantum environments and security assessments for AI startups. As AI-generated evidence becomes more common in court, detecting synthetic media is a growing area of our practice.
Do you test AI and ML systems?
Yes. We perform security assessments on AI/ML systems including LLM-powered applications, model APIs, inference endpoints and AI supply chains. Testing covers prompt injection attacks, training data poisoning, model extraction, adversarial inputs and API abuse scenarios. If you're building or deploying AI, we test it the way an attacker would.
What is LLM prompt injection?
Prompt injection is an attack against large language model (LLM) applications where malicious input manipulates the model into ignoring its instructions, leaking system prompts, exfiltrating data or performing unauthorized actions. It's the SQL injection of the AI era. Our testing covers both direct injection (user input) and indirect injection (embedded in data the LLM processes). See OWASP Top 10 for LLMs for the full threat taxonomy.
Can you audit our AI startup before fundraising?
Absolutely - and you should. Investors increasingly require evidence of security posture before committing capital. Our AI startup security audit covers your model API security, data pipeline integrity, prompt injection resilience, infrastructure hardening and compliance readiness. You receive a report that demonstrates due diligence to investors, board members and future enterprise customers. Most audits complete within 5-10 business days.
Client Reviews
What our clients say
★★★★★
Found stuff our other security company completely missed. Really impressed.
★★★★★
fast and thorough
★★★★★
We had a breach and these guys were on it within hours. Helped us figure out exactly what happened and how to fix it. Would definately use again.
★★★★☆
Good report, took a bit longer than expected to schedule but the actual work was solid.
★★★★★
Hired them to look at our app before launch. Found 12 issues we had no idea about. Worth every penny.
4.8 out of 5 based on 5 reviews -
View all 5 reviews -
Leave a Review
Contact
Start an investigation
Whether you require forensic analysis, a security assessment or expert testimony, our certified examiners are prepared to assist. Confidential consultations available.
- Phone
- 604.229.1994
- Head Office
- Burnaby, BC, Canada
- Availability
- 24/7 incident response · Business hours Mon-Fri 9-5