HR investigations, internal IP-theft matters, departing-employee forensics, incident response, eDiscovery for regulatory or litigation hold. We engage directly with in-house counsel and HR — no need to route through outside counsel unless you want to protect privilege.
We work with the in-house team that's actually handling the matter — counsel, HR, security, IT. Sealed reports, named-purpose access, destruction on schedule.
Theft, harassment, policy violation, data exfiltration. Forensic imaging during off-hours, covert if needed. Sealed report to HR and counsel only.
Multi-source reconstruction: endpoint forensics, email and Slack search, cloud audit logs (Google Drive / OneDrive / Dropbox / GitHub), print and badge logs. Timeline product for injunctive relief.
Image laptops and phones before they're wiped or re-provisioned. Image lives in cold storage 90+ days, available if a non-compete or trade-secret issue surfaces post-departure.
Infrastructure + policy audit so future investigations are feasible. M365 UAL retention extension, forensic-quality logging, policy review and a documented intake process.
Pre-paid response capacity with priority bridge access. Pre-negotiated engagement letter so terms are settled before any incident occurs.
Litigation hold, ECA, processing, production to OPC / OSC / Competition Bureau, review-platform handoff. Defensible under Sedona Canada.
Real matters we work in this audience segment. Not an exhaustive list — if your situation isn't here, ask.
Image their devices before wipe. Review cloud-upload destinations and USB history. Preserve for 90+ days against future non-compete or IP issues.
Active-incident response. Containment, scoping, PIPEDA breach assessment, recovery coordination, regulator-facing report.
Workplace misconduct, harassment, theft. Covert imaging during off-hours. Sealed report. PIPEDA-compliant procedure throughout.
Multi-source reconstruction across endpoints, email, cloud and network. Output: defensible timeline for injunction or termination.
PIPEDA / PHIPA / PIPA / Quebec Law 25 breach assessment. Forensic findings letter for counsel; counsel handles the OPC filing.
Pre-acquisition forensic audit of target's digital posture, departing-key-personnel data exposure and breach-history verification.
The procurement and engagement model most often used by this audience. Custom arrangements available on request.
Direct engagement with in-house counsel or HR is standard. Master Services Agreement (MSA) available for repeat engagements; per-matter Statement of Work for one-offs. We're a registered vendor with most Canadian Fortune-500 procurement systems. Retainer programs available for organizations expecting recurring forensic or IR needs.
Generally yes, with two conditions: the company owns the device and the AUP / employment agreement permits monitoring or investigation. Most well-drafted Canadian AUPs include this language; if yours doesn't, we recommend updating it before any investigation starts.
For BYOD or personal devices, consent or court order is required. A quick employment-counsel review before imaging is recommended whenever there's any ambiguity.
Depends on how the engagement is structured. HR-direct engagement: usually discoverable. Counsel-directed engagement (in-house or outside): solicitor-client privilege applies. We structure each engagement to match the protection level you need — let us know up front whether litigation is on the horizon.
Yes. Covert imaging during off-hours is standard for active-employee investigations — laptop left on the desk overnight, imaged in our van or at our lab, returned before morning. Cloud-side investigation (M365 / Google Workspace audit log review) requires no endpoint access at all.
Yes. $5M professional liability + cyber per occurrence. We can be named-additional-insured on engagements that require it. Certificate of insurance on request.
Likely yes. We're registered with most Canadian Fortune-500 procurement systems (SAP Ariba, Coupa, Workday Strategic Sourcing, Oracle Procurement). Onboarding takes 2-4 weeks; we keep the standard docs (W-9 equivalent, certifications, COI, MSA template) at hand to streamline.
Yes, MSA + SOW model is standard for repeat clients. The MSA covers terms, liability and IP; SOW handles per-matter scope and budget. Most clients move to MSA after 2–3 engagements.
Tell us briefly what's happening — under privilege. A senior examiner will reply.
