Full App Inventory
Every installed application is catalogued, including hidden and sideloaded packages that do not appear in the normal app drawer. Stalkerware frequently hides itself from the device launcher.
Spyware Detection
Since 2006. CISSP, ISSAP and ISSMP certified. Forensic spyware analysis for Android and iPhone with court-ready documentation.
Sherlock Forensics provides professional spyware and stalkerware detection for Android and iPhone devices. Forensic analysis identifies hidden surveillance apps including mSpy, FlexiSpy, Cocospy and Hoverwatch using logical acquisition. Over 90% of commercial stalkerware is detectable without physical extraction. Court-ready forensic reports document findings for legal proceedings.
Free initial consultation | Results in 2-3 business days | Court-ready reports
Warning Signs
You may have noticed something off about your phone. Maybe the battery dies faster than it used to. Maybe someone seems to know things they should not. These are the indicators we hear most often from clients who contact us.
These signs can also have innocent explanations. An aging battery, a misbehaving app or a pending system update can produce identical symptoms. Professional forensic analysis determines whether surveillance software is actually present. Do not factory reset your phone before analysis. Resetting destroys the evidence we need to identify the spyware and document it for legal proceedings.
Forensic Analysis
Every installed application is catalogued, including hidden and sideloaded packages that do not appear in the normal app drawer. Stalkerware frequently hides itself from the device launcher.
We examine which apps have been granted accessibility services, device administrator privileges and camera/microphone access. Stalkerware requires these permissions to function.
Persistent processes and background services are analyzed for surveillance behavior. Legitimate apps do not need to run continuously in the background monitoring calls and messages.
We check for custom Certificate Authority certificates installed on the device. These are indicators of man-in-the-middle interception, allowing an attacker to read encrypted web traffic.
Cached DNS lookups and network connection logs reveal which servers your device has been communicating with. Known stalkerware command-and-control domains are flagged immediately.
Per-app battery consumption and data usage are analyzed. Apps consuming disproportionate resources relative to their stated function are investigated further.
We determine whether each app was installed from the Play Store, App Store or sideloaded as an APK. Stalkerware is almost always sideloaded because Google and Apple remove it from their stores.
Device administrator registrations grant apps elevated privileges including the ability to prevent their own uninstallation. Stalkerware commonly registers as a device administrator to resist removal.
Over 90% of consumer spyware (mSpy, FlexiSpy, Cocospy, Hoverwatch and similar) is detectable via logical acquisition. No physical extraction needed. The forensic acquisition process is non-destructive and does not modify any data on your device. Refer to NIST SP 800-101 Rev 1 for guidelines on mobile device forensic acquisition methods.
Known Threats
These are commercial stalkerware applications available for purchase online. They are marketed as "parental monitoring" or "employee tracking" tools but are frequently used for unauthorized surveillance of partners and spouses. Our forensic analysis identifies their presence, installation date and the data they have been accessing.
State-level surveillance tools (Pegasus, Predator) require specialized analysis beyond standard forensic methods. If you believe you may be targeted by a government-level adversary, inform us during consultation. We can advise on additional measures and refer you to organizations equipped for that level of analysis, including The Citizen Lab at the University of Toronto.
Transparency
We believe honesty about limitations builds more trust than vague promises. Our logical acquisition method detects the vast majority of consumer stalkerware. But there are categories of surveillance that require different approaches.
If you have reason to believe you are targeted by a government-level adversary, inform us during consultation. We can advise on additional measures. For most people, however, the threat is commercial stalkerware installed by someone with physical access to the device. That is exactly what our analysis is designed to find.
How It Works
From first contact to final report, every step is documented with forensic rigor. If your findings need to be used in court, the chain of custody starts the moment you contact us.
Who We Help
People contact us for many different reasons. What they share is a need for answers. Our job is to examine the device, document what we find and give you the facts.
If you suspect a current or former partner is monitoring your phone, you deserve to know for certain. Our analysis provides documented proof that can be used in protection order applications, custody proceedings and criminal complaints. We understand the sensitivity of your situation and treat every case with discretion.
Corporate espionage through mobile device surveillance is a real threat. If you handle sensitive business information and suspect your device has been compromised, forensic analysis can identify unauthorized monitoring software and provide evidence for internal investigations or legal action.
When your client alleges unauthorized surveillance, you need forensic evidence to support the claim. Our reports document spyware presence with chain of custody, SHA-256 hash verification and examiner credentials. We also provide expert witness testimony when required.
If you suspect a third party has installed monitoring software on your child's device without your knowledge or consent, forensic analysis can identify the software and document its presence. This is particularly relevant in custody disputes where one parent may have installed surveillance without the other parent's authorization.
You do not need to fit a specific category to use this service. If something feels wrong with your phone and you want a professional answer, that is enough. We will examine the device and tell you what we find. If there is nothing there, that answer has value too.
Questions
Take the Next Step
A free consultation takes five minutes. We will listen to what you are experiencing, tell you whether forensic analysis is likely to help and explain exactly what the process involves. No commitment required. For forensic practitioners who want to perform their own spyware analysis, see the Sherlock Forensics Android Acquirer and our Android forensics guide.
If something does not feel right, trust that instinct. Call us for a confidential consultation. We will tell you what we can do and what to expect. See also: mobile forensics services, chain of custody documentation and workplace investigations.
Call 604.229.1994Sherlock Forensics spyware detection services are provided for lawful use. Terms of Service