Forensic Five · Alberta-based · Canadian data residency
Forensic Five protects the public surfaces of law firms, professional services, and other organizations where confidentiality is non-negotiable — with continuous monitoring, evidence-grade reporting, and a named analyst on the consequence.
Complimentary website security assessment — no signup required. Issued as a written report.
Written security review of your public website — SSL, headers, exposed services, surface risks.
Co-managed website security monitoring with audit-ready narratives between formal reviews.
Written narratives your auditor, board, or insurer can review without re-interpretation.
Penetration testing, incident response, and consulting — on retainer when severity warrants.
A complimentary written assessment establishes where your website stands today. Continuous co-managed monitoring keeps that picture current and auditable — with a named Forensic Five analyst on call when severity warrants escalation.
A no-cost technical review of your firm’s public website covering SSL configuration, security headers, exposed services, and known surface risks. Issued as a written report you can share internally with IT, partners, or your insurer.
Recurring co-managed monitoring of your website’s security posture, with audit-ready narratives drafted between formal reviews and a named Forensic Five analyst on call when severity warrants escalation. Reports trace back to history, not anecdotes.
Every assessment and ongoing monitoring engagement is accompanied by a written narrative aligned to the obligations your firm carries — bar association guidelines, SOC 2, ISO 27001, PIPEDA, or internal policy. Forensic Five operates the underlying language model with documented prompts, safeguards, and escalation paths so its outputs are consistent and defensible month over month.
When findings exceed what monitoring alone can resolve, Forensic Five engages directly — under existing retainer or scoped statement of work.
Structured technology and process reviews aligned to bar association guidelines, SOC 2, ISO 27001, PIPEDA, and internal firm policy. Findings carry forward into ongoing monitoring.
Service detailHands-on offensive testing of practice management platforms, document portals, client-facing applications, and supporting infrastructure. Exploit paths feed directly into the monitoring posture record.
Service detailTailored training for partners, associates, and support staff. Scenario-based, recorded, and integrated with monitoring data so behaviour change is observable rather than asserted.
Service detailBreach mitigation, incident response, governance, and resilience architecture. Engaged proactively, or activated on retainer when an incident is suspected.
Service detailForensic Five engagements are scoped, written, and conducted to standards firms can defend to a client, a regulator, or a court — not standards designed for a marketing screenshot.
Forensic Five is set up for organizations whose obligations to clients, partners, or the public are higher than their headcount.
A written security review of your firm’s public website. No commercial obligation.
If you wish to continue, a written proposal sized to your firm — obligations, sites, and reporting cadence.
Monitoring, monthly recap, quarterly audit-narrative pack, and a named analyst on the consequence.
Engagements are confidential by default. We do not publish client names, sectors, or case studies without written consent.
Request a confidential conversationWhether you need a complimentary assessment of your firm’s website today, continuous co-managed monitoring, or a named Forensic Five analyst on retainer, we’d be glad to discuss the engagement that fits your obligations.
All conversations are confidential. Engagements are documented under written agreement before any data is shared.