What does SleuthX do?

SleuthX is an AI agent that performs digital forensic triage on consumer cyber incidents. You give it the data — account logs, device artifacts, screenshots, communications — and the agent classifies what happened, reconstructs the timeline, surfaces the root cause, and ships you a structured, evidence-grade report you can act on. The agent is trained on real DFIR cases run through a working forensics methodology, and outputs are validated against the same court-admissible standard the practice uses on live cases.

How does SleuthX compare to antivirus or identity-protection apps?

Antivirus scans for known malware signatures. Identity-protection apps monitor public breach databases for exposure. Neither one investigates a specific incident on your devices or accounts, neither one explains what actually happened, and neither one produces a court-admissible report. SleuthX is forensic methodology, not signature matching. The comp set is enterprise IR firms and Cellebrite-licensed shops at $50K-$500K, not Aura or LifeLock at $10-50/mo. SleuthX brings that methodology into a tier consumers can actually pay for, because the agent absorbs the procedural analyst time.

What do I receive after running SleuthX?

A structured forensic report with five deliverables: (1) compromise classification — whether something real happened or whether the alarm was noise, with severity; (2) timeline of activity — what happened, in what order, on which device or account; (3) root cause hypothesis — how the compromise started (phishing, SIM swap, OAuth grant, malicious app, insider access), evidence-backed; (4) clear next steps — what to do this hour, this week, this quarter; (5) a structured report written for non-technical decision-makers but defensible in litigation, insurance, and law-enforcement contexts when needed.

What kinds of incidents does SleuthX handle?

Account compromise (email, social, banking, cloud), stalkerware detection on iPhone and Android, wire fraud and SIM swap recovery, crypto investment scam attribution, identity theft investigation, romance scam documentation, deleted-text recovery for divorce, OSINT exposure mapping, and domestic-violence digital forensics under a safety plan. Each incident type has a dedicated page with the methodology detail.

Are the reports court-admissible?

Yes. The methodology aligns with FRE 901 and FRCP 26. Chain of custody is documented. Quinn is qualified to testify under Daubert and Frye standards on the work product. If a case has a legal dimension and you have an attorney, the engagement structures under privilege at the attorney's request.

Where does the AI agent stop and human practitioners take over?

The agent handles the procedural work — data ingest, classification, timeline reconstruction, report generation — that previously consumed senior-analyst hours. Quinn (Founder and CEO, 15 active certifications) and Alex Riffenburgh (Co-Founder and CTO) review outputs before they leave the system on cases where stakes are high. As the agent matures, that human review layer compresses. Today's cases also serve as training and validation data for the agent.

Personal cybersecurity that actually investigates

Was I hacked?
SleuthX answers with real digital forensics in minutes — run it yourself, or have us run it for you.

Describe what happened in your own words. Our AI forensic agent investigates your accounts and devices, builds a defensible report, and walks you through the fix. Drive it yourself to save on cost — or hand the case to our credentialed team and we'll work it for you. Either way, the output holds up for police, insurance, and court.

Try it now Have us do it for you

Two ways to use SleuthX

Drive it yourself, or hand it to our team.

Same forensic methodology, same defensible output, same chain of custody — whichever path fits where you are right now.

Self-serve

Drive it yourself

Best when you're hands-on, want to learn what happened, or have a tight budget. The AI agent handles the forensic work; you steer.

• AI agent with the full forensic toolkit
• Self-paced, no booking needed
• Lifetime access — $995 once
• Output is court-admissible by default

Try SleuthX now

Concierge

Have us drive it

Best when you're in crisis, on a deadline, need a court-grade report tomorrow, or just want a credentialed human to take the case off your plate.

• Credentialed examiner takes the case end-to-end
• Device packages from $2,000 (1, 3, or 5 devices), each including the $995 license; $400/hr flat beyond
• Same forensic output and chain of custody
• Free 15-minute triage call to scope the case

Book a triage call

Switch between modes any time — start DIY, hand off if it gets complicated. Your evidence and chain of custody travel with you.

AI Agent · Open Alpha

The digital forensics agent that prevents, detects, responds to, and remediates any consumer cyber incident — account compromise, stalkerware, wire fraud, SIM swap, crypto scam, identity theft, romance scam.

How SleuthX Works

Input. Agent. Output.

SleuthX ingests data from your accounts and devices, analyzes it with an AI agent built on a working forensics methodology, and escalates to senior human examiners when the case demands it.

Input

Ingest data from accounts and devices

Account logs (email, cloud, banking, social)
Device artifacts and screenshots
Phone, computer, and forensic captures

Agent

Analyze with the AI agent

Classify what's a real compromise vs benign
Reconstruct the timeline of activity
Surface the root cause hypothesis

Output

Deliver a structured report

Compromise classification + severity
Clear next steps you can act on
Court-admissible report when needed

When a case needs human judgment, SleuthX escalates to the practitioner team — Quinn, Alex, Jose — who oversee every output before it leaves the system.

Tour the platform →See how it works Read the field guides →

Deliverables

What you get

Every SleuthX engagement produces the same five deliverables. No mystery, no scope creep.

Compromise classification
Real vs benign, with severity. Tells you whether something actually happened or whether the alarm was noise.
Timeline of activity
What happened, in what order, on which device or account. Reconstructed from logs, artifacts, and forensic captures.
Root cause hypothesis
How the compromise started — phishing, SIM swap, reused password, OAuth grant, malicious app, or insider access. Evidence-backed.
Clear next steps
What to do this hour, this week, and this quarter. Specific to your situation, not a generic checklist.
Structured report (legal-ready optional)
Written for non-technical decision-makers. Court-admissible chain of custody when you need it for litigation, insurance, or law enforcement.

Founder with roughly a decade in incident response and threat intelligence for Fortune 50 enterprises and the defense industrial base. 15 active industry certifications across SANS GIAC, AWS, Splunk, and CompTIA. View all credentials.

Plain terms

What we are — and what we are not

What we are

A digital forensics practice with an AI agent at the center. Credentialed examiners, documented chain of custody, explainable findings you can verify, and court-admissible reports under FRE 901/902. When field work is needed — backgrounds, locates, physical surveillance — we coordinate with licensed private investigators. Lawful, confidential, on your side.

What we are not

Spyware, stalkerware, or a way to secretly monitor another person. We do not "hack back," promise guaranteed money recovery, or touch any account or device without its owner's lawful authorization — and we decline engagements that ask us to.

The Stack

Forensic depth at the center. Protections wrapped around it.

Most consumer cyber suites bolt monitoring on top of more monitoring. SleuthX inverts the stack — the AI forensic agent and the credentialed examiner signing off on findings are the work we own. Identity monitoring, dark-web monitoring, breach response, restoration concierge, and identity-theft coverage layer in underneath.

What we build · Live now

AI forensic agent
Investigates accounts and devices end-to-end. Compromise classification, timeline reconstruction, attribution, and clear next steps. Plain-language intake; deep-investigator depth on demand. Every step is explainable — the agent shows its evidence, and findings are verified before they ship.
Court-admissible reporting
Findings that hold up in court, police filings, and insurance claims. Signed off by a credentialed forensic examiner before they leave the practice.
Methodology engine
The DFIR playbooks the industry charges enterprises five and six figures for, encoded and run automatically. Stalkerware, account compromise, wire fraud, SIM swap, romance scam, identity theft, more.

What we wrap in · Coming

Identity monitoring
Continuous credit-bureau-grade monitoring across all three bureaus, SIM-swap alerts, and account-takeover detection. Same data the major monitoring services use, layered into the agent.
Dark-web monitoring
Continuous scan of breach corpora, paste sites, and underground markets for your credentials, accounts, and exposed data.
Restoration concierge
Full-service identity-theft remediation team for active incidents. Disputes, filings, recovery, and direct work with creditors and law enforcement on your behalf.
Identity-theft coverage
Carrier-underwritten reimbursement coverage for losses, legal fees, and recovery costs — alongside the personal cyber insurance coordination we offer today. Coverage limits and terms set with the carrier at launch.

One investigator. One platform. The forensic layer is what we own; the monitoring infrastructure underneath is licensed from category-leading providers and integrated as the suite ships.

Threats We Trace

We see what they hide.

Stalkerware. Deleted texts. Insider exfiltration. Spoofed accounts. The forensic trail is always there. We surface it, document it, and make it admissible.

Stalkerware
Insider Threat
Account Takeover
Phone Forensics
Spoofing
Exfiltration

Three Practices, One Standard

The work most cybersecurity firms aren't built for.

Personal Forensics

When something feels wrong with your phone, your accounts, or someone in your life, we tell you the truth.

Explore Service

Litigation Support

Privileged forensic work, court-admissible documentation, expert witness testimony. Most matters begin within 48 hours.

Explore Service

Family Office & Advisor Services

Discreet digital risk and forensic work for principals, family offices, and the advisors who serve them.

Explore Service

For Individuals & Families

When something feels wrong, start with answers.

Digital Forensics for Individuals

Court-admissible investigation of devices, accounts, and digital evidence.

Explore Service

New

Stalkerware & Spyware Detection

Forensic phone scan that finds Pegasus, FlexiSPY, mSpy — what consumer apps miss.

Explore Service

Account Recovery

Investigation plus secure recovery for hacked email, social, banking, iCloud.

Explore Service

OSINT Investigation

Verify identities, trace anonymous harassers, map digital exposure.

Explore Service

Privacy Services

Data broker removal, encrypted communications, account hardening, ongoing monitoring.

Explore Service

Identity Theft Investigation

Forensic investigation of how exposure happened. Evidence for police, banks, counsel.

Explore Service

For Attorneys

Court-admissible forensic work.

Litigation Support

Computer + mobile forensics, deleted-data recovery, expert witness. ABA-aligned engagement.

Explore Service

New

Phone Extraction for Divorce

Recover deleted texts, hidden apps, photos — with court-admissible chain of custody.

Explore Service

Cybersecurity Expert Witness

Court-recognized methodology. Available for deposition, hearing, and trial.

Explore Service

E-Discovery & ESI

Forensically sound collection and production. FRCP 26 and FRE 901 aligned.

Explore Service

Meet Your Practitioner

Quinnlan Varcoe

Founder & CEO

With operational experience across Fortune 50 security programs and the defense industrial base, Quinnlan founded SleuthX in 2022 to provide clients with the caliber of expertise typically reserved for the largest enterprises. Her work in threat intelligence and digital forensics has earned the trust of 26,000+ cybersecurity professionals who follow her analysis.

“26,000 professionals follow my work because I say what others won't — and I can back it up technically.”

Fortune 50 BackgroundDefense IndustryThreat IntelligenceDigital PrivacyIncident Response

View Full Bio Connect on LinkedIn

How We Work

A confidential, structured engagement.

Confidential Consultation

A direct conversation with Quinn, the founder and CEO who oversees every engagement. NDA-protected. No sales process.

Scoped Engagement

A clear written proposal with defined deliverables, timeline, and pricing. No hidden costs.

Investigation and Findings

Forensic work conducted to court-admissible standards, with regular communication and a written summary you can act on.

Trusted by Security Leaders

Client Perspectives

“SleuthX has proven to be an outstanding partner. We've trusted them to handle sensitive investigations, and they consistently deliver clear, evidence-based answers. They are a trusted extension of any security firm.”

Aaron Birnbaum

Managing Partner · Seron Security

“Quinnlan brings more than cybersecurity expertise. She brings strategic alignment. She has a strong ability to take complex situations and break them down into clear, understandable findings. She's the kind of asset who elevates your offering.”

Caroline Lombard

Threat Specialist · Amazon Web Services

“Her ability to navigate high-stakes incidents was invaluable. She stays focused on the evidence and avoids speculation, which is critical when someone is trying to understand whether they've actually been compromised. She's a game-changer for channel growth.”

Justin Cox

Senior AWS Security Analyst · PayPal

“Working with SleuthX has been one of the most seamless collaborations. They bring a disciplined and professional approach to digital investigations. They're not just a vendor. You can trust them.”

Soufiane Jihadi

Senior Incident Response Consultant · Deloitte

Frequently asked about SleuthX

Schedule Your Session

Get answers, not alerts.

SleuthX ships you a structured forensic report on what actually happened — compromise classification, timeline, root cause, next steps. Start with the agent now, or talk to Quinn if your case is active and time-sensitive.

Schedule Consultation (239) 241-8095 Send a message