What should I do right now if I am being cyberstalked?

Get to physical safety, start a written timeline log, preserve original messages with timestamps, do not delete or respond, report to the platforms in writing, file a police report and an ic3.gov report when appropriate, and call a forensic investigator before resetting any devices.

Do you have suggestions for an attorney I should hire?

Start with a victim advocate (VictimConnect at 1-855-484-2846 or the National Domestic Violence Hotline at 1-800-799-7233), who can route you to a stalking-experienced attorney in your jurisdiction. Petronella Technology Group, Inc. makes direct attorney referrals in North Carolina when it is the right fit.

What does a cyberstalking forensic investigation cost?

The intake call is free. Threat assessment and triage starts at $1,500, mobile device forensic imaging starts at $3,500 per device, an examiner affidavit starts at $2,500, and expert witness testimony is $750 per hour plus travel. Final pricing depends on scope and is quoted after the free intake.

Should I delete the harassing messages?

No. Deletion destroys evidence that may be needed for a restraining order, civil suit, or criminal prosecution. Preserve the originals first (screenshots plus platform data exports), then move them to a separate folder or device so they are out of sight without being destroyed.

How do I find out if there is spyware on my phone?

Run the iOS Safety Check (iPhone) or review installed apps and Bluetooth pairings (Android), and watch for rapid battery drain, unexplained data usage, and unfamiliar apps. The reliable answer is a forensic examination by a licensed examiner, which preserves the evidence trail before any remediation.

Can the suspect see that I am taking action?

Sometimes. Changing one password or removing one tracker can warn the suspect. The safer pattern is to preserve evidence first, then close every door at once: revoke all sessions, change all passwords, replace the router, and remove all trackers in a coordinated sweep rather than piecemeal.

Is the consultation confidential?

Yes. Petronella Technology Group, Inc. holds intake details under a strict confidentiality protocol. When the firm is retained by your attorney under a Kovel arrangement, the work product is also covered by attorney-client privilege.

What is the North Carolina law on cyberstalking?

Cyberstalking is criminalized under N.C. Gen. Stat. Section 14-196.3, and the broader stalking statute is N.C. Gen. Stat. Section 14-277.3A. Civil protective options include a Chapter 50B domestic violence protective order for qualifying personal relationships and a Chapter 50C civil no-contact order for other relationships.

Victim guide

Cyberstalking Victim Guide: What to Do, Who to Call, What It Costs

A practical, trauma-informed playbook for people targeted by cyberstalking, online harassment, doxxing, image-based abuse, or device-enabled surveillance. Written by a North Carolina digital forensics firm that documents these cases for attorneys, restraining-order hearings, and law enforcement.

If you are in danger right now

Call 911 for immediate physical threat. If you are unsure or you need to talk, the VictimConnect Resource Center is reachable at 1-855-484-2846 (Mon to Fri, weekday hours, free, confidential), and the National Domestic Violence Hotline answers 24/7 at 1-800-799-7233. Both can route you to local stalking-specific services in your county.

What evidence to preserve before you change a single password, and the timestamps that matter in court
How to find a cyberstalking-experienced attorney, how to file a civil no-contact or 50C order in North Carolina, and when to push for criminal charges
A device hygiene checklist that gets the suspect off your phone, accounts, and home network without tipping them off
A typical cost range for forensic preservation, expert affidavits, and court testimony so you can budget before you call
Forty questions an investigator will ask you, organized so you can write your answers down once and hand them to any professional who needs them

DFE License 604180 CMMC-AB RPO #1449 BBB A+ since 2003 23+ years digital evidence

Request a confidential callback

A licensed forensic examiner will reach out within one business day. Free 15-minute intake, no sales pressure, no upfront cost.

Or talk to someone now

Call Penny (919) 348-4912 Answers 24/7, can schedule an expert

Confidential. Intake is held under a strict privacy protocol. Investigative work can be performed under attorney engagement (Kovel) so findings are covered by privilege.

Yes, we handle these cases

Do You Take Cyberstalking and Online Harassment Cases?

Yes. Petronella Technology Group, Inc. has worked cyberstalking, online harassment, doxxing, sextortion, image-based abuse, and device-enabled surveillance matters for individuals, attorneys, employers, and law-enforcement-adjacent investigations since 2002. Craig Petronella holds North Carolina Digital Forensic Examiner license 604180-DFE and has appeared as an expert witness on digital evidence in civil and criminal proceedings.

The cases we are equipped to support include traditional cyberstalking (a sustained pattern of contact, surveillance, or threats delivered through electronic means), tracker-based stalking (AirTags, GPS, hidden trackers, spyware), account takeover and impersonation, non-consensual intimate image distribution (sometimes called revenge porn), sextortion, deepfake and AI-generated harassment, business email compromise that escalates into harassment of an employee, and coordinated harassment campaigns from groups or anonymous accounts.

What we are not is a law firm or a police department. We do not file restraining orders, we do not arrest anyone, and we do not give legal advice. We do produce the evidence record that a lawyer or detective needs in order to act, and we work directly under an attorney's engagement when the situation calls for that protection. If you do not already have counsel, this page includes guidance on finding one, and we will refer you to North Carolina attorneys who handle these matters routinely if that is what you need.

The first call is free. We will spend about fifteen minutes listening to what is happening, asking targeted questions, and explaining the realistic options. If your situation is outside what we can help with, we will say so on that call and route you to the right resource, whether that is law enforcement, a victim advocate, a different forensic specialist, or an attorney with a specific subject-matter focus.

Ready to talk? Schedule a free 15-minute consult with Petronella Technology Group, Inc.

Immediate action

What Should I Do Right Now? Seven Steps in the First 72 Hours

If you are not in immediate physical danger, do not delete anything, do not confront the suspect, and do not change passwords yet. The single most important window in a cyberstalking case is the first 72 hours, and the actions you take in that window will determine what the police, an attorney, and an investigator can actually do for you later.

Get to physical safety first, then think about evidence

If there is any threat of physical violence, call 911 and get to a safe location. If you are in an intimate-partner situation, call the National Domestic Violence Hotline at 1-800-799-7233 before you change anything on your phone, since changing a tracker can warn the suspect. Physical safety is the only thing that comes before evidence preservation. Everything else on this list can wait an hour.
Start a written log with timestamps

Open a single document on a device the suspect does not control. Record every incident with a date, time, platform, what happened, who else saw it, and whether you reported it. Keep adding to the same log. Courts trust contemporaneous logs because they are hard to fabricate. A retroactive log written after the fact carries far less weight.
Preserve the original messages before you delete or block

Screenshot every message, post, email, and voicemail with visible timestamps and usernames. If the platform allows it (Gmail, Outlook, Twitter/X, Facebook, Instagram), request a full data export so the original metadata is preserved, not just a screenshot. For text messages, do not rely on screenshots alone, since carriers retain records for limited windows. Ask your carrier in writing to preserve them.
Do not delete, do not respond, do not block yet

Deleting messages destroys evidence. Responding can give the suspect material they use against you. Blocking before you have preserved the record can lose evidence and tip the suspect that you are taking action, which often escalates the behavior. Investigators usually want one preservation pass first, then deliberate blocking, then a continued monitoring plan on a separate channel you control.
Report to the right platforms in writing

Every major platform (Meta, Google, Apple, Snap, TikTok, X, Discord) has a stalking and harassment reporting flow. Submit the report and screenshot the confirmation. Even when the platform does nothing immediately, the report timestamp becomes part of your record. Save every reference number. If an account violates terms of service repeatedly with no platform response, that pattern is itself useful evidence later.
Report to law enforcement and to the FBI online crime portal

Local police will take a report. Bring your written log, your screenshots, and a one-page summary. If the conduct crosses state lines, if it involves a federal crime (interstate threats, image-based abuse, certain forms of impersonation), or if you live in a small jurisdiction without a cyber unit, also file a report at ic3.gov with the FBI Internet Crime Complaint Center. Federal records are searchable across jurisdictions and can connect your case to other victims of the same suspect.
Call a forensic investigator before you reset your devices

Spyware, trackers, hidden accounts, and persistent backdoors leave traces that are destroyed by a factory reset. A forensic investigator can image your device first, then guide you through a clean rebuild that gets the suspect off your phone and your accounts without losing the evidence of how they got there. This is one of the most common mistakes we see: a well-meaning device reset that eliminates the only proof of how the surveillance was happening.

Need help walking through these in order? Call (919) 348-4912 for a free 15-minute intake

Evidence that actually holds up

How to Preserve Digital Evidence So It Survives Court

Screenshots alone are rarely enough. Courts want metadata, chain of custody, and forensic images, all of which become impossible to recreate once a device is reset, an account is deleted, or a platform retention window closes. The preservation choices you make in the first week determine what your attorney can actually file.

Why screenshots are necessary but not sufficient

A screenshot proves what was on a screen at one moment. It does not prove who sent it, when it was actually delivered, what server processed it, or whether it was edited on the way. A defense attorney can challenge a screenshot on every one of those points. The remedy is to capture screenshots AND request the underlying records: platform data export, email full headers, carrier text-message logs, and device backups. The combination is what makes the evidence resilient.

Original-message preservation

Email: save the full message with internet headers (Show original in Gmail, View source in Outlook). Forwarding strips headers, so never use forwarded copies as the evidence of record.
SMS and iMessage: request a carrier-side preservation letter through your attorney. Apple iCloud Messages and iTunes encrypted backups also preserve full thread metadata, but only if you capture the backup before any reset.
Social platforms: use the official data-download tools (Meta, Snap, TikTok, X, Discord). These exports include timestamps, IDs, and edit history that screenshots cannot show.
Calls and voicemails: the carrier holds the canonical call detail records. Voicemail recordings should be exported with the file metadata intact, not re-recorded with another phone.
Web pages and posts: capture with a tool that preserves the URL, timestamp, and DOM (browser print-to-PDF works, web.archive.org and archive.today create independent third-party captures, and forensic-grade tools like Hunchly preserve a complete snapshot).

Chain of custody, in plain English

Chain of custody is the documented story of who held the evidence, when, and what they did with it. If you image a phone yourself with a free tool, the defense will argue that the image is unreliable. If a licensed forensic examiner images the phone, documents the hash, stores the image on a write-blocked drive, and produces an affidavit, the image is admissible. The cost difference is real, and so is the legal difference. For minor matters, a documented self-preservation is usually enough. For matters going to court, restraining-order hearings, or criminal prosecution, professional preservation is the right call.

What to ask any platform to preserve

Send a preservation letter (your attorney can draft a standard one) requesting that the platform preserve all records associated with the suspect's account or the conduct, even if the account is later deleted. Most major platforms honor preservation requests for ninety days. Many will preserve longer with a subsequent legal request. The clock starts the day you send the letter, so do not wait.

Get the suspect off your devices

Digital Security Checklist: Lock the Suspect Out Without Tipping Them Off

If a current or former partner had physical access to your phone, computer, router, or accounts, assume they still have access until proven otherwise. The goal is to close every door at once, not one at a time, because a partial sweep warns the suspect and lets them keep one foothold.

Accounts

Audit, do not just change passwords

For every account, review active sessions and authorized devices. Look for unknown sessions in Google, Apple ID, Microsoft, Meta, and your password manager. Revoke unfamiliar sessions before changing the password. Then change the password to a long unique passphrase, rotate the recovery email and recovery phone, and turn on a hardware security key or app-based two-factor authentication.

Replace SMS two-factor with an authenticator app or hardware key (SMS is interceptable).
Review the security questions; many were set with information the suspect knows.
Audit OAuth-connected apps; revoke anything you do not recognize.

Phone

Hunt for stalkerware and trackers

Stalkerware (Cocospy, mSpy, FlexiSpy, Hoverwatch, and many others) hides from the home screen. iOS Lockdown Mode and an iOS Safety Check can surface and revoke shared data. Android requires a more careful walk-through, often with a forensic image first. Check for unfamiliar AirTags, Tile trackers, GPS devices in your vehicle, and Bluetooth pairings you do not recognize.

iPhone: Settings, Privacy and Security, Safety Check, Manage Sharing and Access.
Android: Google Find Hub, Settings, Connected devices, Bluetooth (unpair unknowns).
Both: review installed apps for ones you did not install.

Home network

Replace the router; reset the smart-home gear

If the suspect ever lived with you or visited often, the home router is a likely backdoor. The most reliable fix is to replace it, not reconfigure it. Reset every smart-home device (cameras, thermostats, smart locks, Alexa or Google Home) to factory settings and re-enroll them under a new account the suspect has never seen. Pay special attention to indoor cameras, baby monitors, and Ring doorbells.

Move guest devices off your primary SSID.
Disable remote-access features you are not actively using.
Change the password for the underlying smart-home account, not just the device.

Identity

Freeze credit, opt out of data brokers, lock your SIM

Cyberstalkers often pivot to financial harassment and doxxing. Freeze your credit at all three bureaus (Equifax, Experian, TransUnion), add a SIM-swap PIN with your mobile carrier, opt out of major data brokers (Spokeo, BeenVerified, Whitepages, and many more), and consider an address-confidentiality program if your state offers one. North Carolina's ACP is administered by the Attorney General's office for stalking, domestic violence, and trafficking survivors.

Freeze credit at all three bureaus (free, online, takes minutes each).
Call your carrier and set a port-out PIN.
Opt out of data brokers (manual; budget a few hours).

Legal options

Do You Have Any Suggestions for an Attorney I Should Hire?

Yes, with a caveat: the right attorney depends on what you want to accomplish. Restraining orders, civil suits for damages, criminal prosecution, employment matters, and image-based-abuse takedowns all touch different practice areas. The best general advice is to start with a stalking-experienced victim advocate who can route you to the right kind of lawyer for your specific facts, and to interview at least two attorneys before retaining one. We make direct referrals to North Carolina attorneys we have worked with on these matters when it is the right fit.

How to find a stalking-experienced attorney

The most reliable starting point is a victim advocate. Advocates work with stalking and intimate-partner-violence cases every day and know which local attorneys actually handle them. Call the VictimConnect Resource Center at 1-855-484-2846 for nationwide referrals, the National Domestic Violence Hotline at 1-800-799-7233 if there is an intimate-partner element, and the North Carolina Coalition Against Domestic Violence for in-state services. The Stalking Prevention, Awareness, and Resource Center (SPARC) publishes a practitioner directory and maintains the most current legal definitions across all fifty states.

For free or sliding-scale civil legal help in North Carolina, contact Legal Aid of North Carolina or the North Carolina Bar Association Lawyer Referral Service. For complex multi-state or federal matters, the National Crime Victim Law Institute maintains a network of attorneys focused on victims' rights.

What to look for when you interview a lawyer

Has handled at least five stalking, cyberstalking, or non-consensual intimate image cases in the last two years.
Has filed at least one civil no-contact order (50C in NC) or domestic violence protective order (50B in NC) in the relevant county.
Is comfortable working with a forensic examiner and reading affidavits about digital evidence.
Discusses fees up front in writing and will accept a phased engagement letter (research, then file, then hearing).
Is reachable through a clear, monitored channel and will not communicate with the suspect for you outside the legal process.

Civil vs criminal vs both

Civil options give you a no-contact order, monetary damages in some cases, and platform leverage when an account is in violation of a court order. Criminal options give you the threat of arrest and prosecution, but the decision to charge belongs to the prosecutor, not to you. A good attorney will explain both paths on the first call and tell you which makes sense for your facts. In North Carolina, the cyberstalking statute is N.C. Gen. Stat. § 14-196.3, and the stalking statute is N.C. Gen. Stat. § 14-277.3A. Most other states have parallel statutes; SPARC maintains a current cross-walk.

Kovel: privileged forensic work under attorney engagement

When a forensic investigator is retained directly by your attorney rather than by you, the investigator's work product is covered by attorney-client privilege under what is called a Kovel arrangement (from the case United States v. Kovel). This means the chat logs, the device images, and the investigator's conclusions cannot be subpoenaed away from the legal team in most circumstances. For sensitive cases (especially when the suspect is sophisticated, when there is a financial dispute alongside the harassment, or when the matter may go to trial), Kovel is usually the right structure. We routinely operate this way and will work with your counsel to set the engagement up correctly.

Need a referral? Ask Petronella Technology Group, Inc. for an attorney introduction

Pricing

What Does This Type of Work Cost?

Cyberstalking investigations are scoped to the specific facts of the case, so quotes are issued after a free intake call. The numbers below are honest ranges from real matters we have worked, in 2026 dollars, so you can budget before you call. Most clients spend less than they expect on triage and more than they expect on courtroom-grade preservation. Plan for both.

Engagement	Typical fee	What you get
Intake call	Free	15-minute confidential conversation, scoping options, plain-language next steps.
Threat assessment and triage	From $1,500	Two-hour working session, evidence-preservation plan, written summary you can hand to police or counsel.
Mobile device forensic image (per device)	From $3,500	Forensic acquisition of an iPhone or Android device, hash-verified image, written examiner notes.
Computer forensic image (per device)	From $4,500	Forensic image of a laptop or desktop, write-blocked acquisition, hash-verified storage.
Spyware and stalkerware sweep	From $2,500	Examination of a device for known and unknown surveillance tools, IOC report, remediation plan.
Affidavit for restraining-order hearing	From $2,500	Written examiner affidavit tied to preserved evidence, formatted for civil filing.
Expert witness testimony	$750 per hour plus travel	Court appearance, deposition, or recorded testimony by a licensed Digital Forensic Examiner.
Open-source intelligence (OSINT) investigation	From $3,500	Identification and documentation of suspect-linked accounts, aliases, IP and metadata trail.

Payment is 100% upfront for each fixed-fee milestone (this protects both parties and keeps the relationship clean). When work is performed under attorney engagement, the attorney is invoiced directly so that privilege attaches and the engagement remains under their oversight. For low-income survivors, we honor reduced-fee referrals from Legal Aid of North Carolina and several local victim-services agencies; ask on the intake call and we will tell you what we can do.

Note on cost expectations. Cyberstalking cases vary widely. A single hostile ex-partner sending text-message threats may need only triage, preservation, and an affidavit (often well under $10,000 total). A multi-state, multi-platform, year-long harassment campaign with cryptocurrency-funded perpetrators can require ten times that. The intake call is where we make a realistic estimate so you are not surprised.

Who is working your case

Twenty-Three Years of Digital Forensics. Hundreds of Sensitive Matters.

Petronella Technology Group, Inc. is a Raleigh, North Carolina cybersecurity and digital forensics firm, headquartered at 5540 Centerview Drive, Suite 200, Raleigh, NC 27606, with a Better Business Bureau A+ rating since 2003 and the senior team holding the CMMC Registered Practitioner credential.

Craig Petronella founded the firm in 2002 and has been doing digital forensic and incident response work for over two decades. He holds North Carolina Digital Forensic Examiner license 604180-DFE, the CMMC Registered Practitioner credential, the Cisco CCNA, the Certified Wireless Network Expert (CWNE), and MIT certifications in Artificial Intelligence and Blockchain. He is the author of fourteen books on cybersecurity and compliance, including titles on HIPAA, CMMC, and the threat landscape facing small and mid-market organizations. The full senior team (Craig Petronella, Blake Rea, Justin Summers, Jonathan Wood) is CMMC Registered Practitioner certified.

The firm does work for individuals, attorneys, employers, and regulated organizations. The same forensic discipline we bring to a CMMC assessment or a healthcare breach is the discipline we bring to a personal cyberstalking matter, including hash-verified imaging, write-blocked acquisition, formal examiner notes, and affidavits formatted for civil and criminal filings. We have appeared as expert witnesses on digital evidence and we work routinely under attorney engagement to preserve privilege.

Cyberstalking work also touches our broader practice areas: expert witness services in North Carolina, incident response for account takeovers and business email compromise, and the specific cyberstalking help intake page when you need to move faster than this guide. If the case has an image-based-abuse component, see also our sextortion response and deepfake extortion recovery pages.

DFE License 604180 CMMC-AB RPO #1449 CMMC-RP Team CCNA CWNE MIT-Certified AI & Blockchain BBB A+ since 2003 Author of 14 books

Not sure where you are in this? Talk to a forensic investigator.

Most people reading this page are deciding between calling someone today or waiting a week. Waiting almost always costs evidence. The intake call is free, confidential, and takes about fifteen minutes.

Request a callback Call Penny (919) 348-4912 Answers 24/7, can schedule an expert

FAQ

Cyberstalking Frequently Asked Questions

The list below pulls together the questions an investigator, an attorney, a victim advocate, or a police detective will most commonly ask you. Write your answers down once. You will hand the same document to every professional who joins your team, and it will save you from telling the story from scratch four or five times.

When did the behavior first begin, and how often does it happen now?

Investigators want a timeline. Note the earliest incident you can recall (even one you brushed off at the time), the pattern since then, and the current frequency. Daily contact looks different in court than once-a-month contact. If the conduct escalated after a specific trigger (a breakup, a termination, a court ruling, a social-media post), name the trigger and the date.

What platforms or methods is the suspect using?

List every channel: email, SMS, iMessage, calls, voicemails, social platforms by name, dating apps, anonymous services, fake accounts, comments on third-party sites, GPS trackers, AirTags, spyware, smart-home devices, deepfake imagery, AI-generated impersonation, in-person contact, contact through friends or family. The breadth of channels often establishes the pattern of stalking even when no single incident would.

Has the behavior escalated over time?

Escalation matters for both prosecution and for risk assessment. Examples of escalation include: a shift from anonymous to named contact, from messages to physical proximity, from one platform to many, from harassing the target to harassing the target's family or employer, from threats of reputational harm to threats of violence. The Danger Assessment developed by Dr. Jacquelyn Campbell is a validated tool advocates often use in intimate-partner cases.

What specific messages, threats, or actions have occurred?

Quote them verbatim wherever possible. A vague summary ("threatening messages") is less actionable than the actual text ("if you don't take me back I'll show up at your job"). Preserve the originals (see the evidence section above) and keep the verbatim quotes in your written log so an attorney can build the petition language from your record.

Did the suspect impersonate you or try to damage your reputation online?

Impersonation accounts, fake reviews, fake social profiles, harassing emails sent in your name, and fabricated screenshots all qualify. Document the impersonation, request platform takedowns under each platform's impersonation policy, and preserve the URLs and screenshots before the accounts disappear. This is also the moment to put your employer or business partners on notice in writing so they have your version of events before they see the fake one.

Have intimate images, personal information, or private data been shared?

Non-consensual intimate image distribution is a crime in every U.S. state and a federal crime under the TAKE IT DOWN Act passed in 2025. The StopNCII.org service can proactively prevent re-uploads of specific images to participating platforms. The Cyber Civil Rights Initiative operates a crisis helpline at 1-844-878-2274 staffed by people who handle these cases every day.

Do you know or suspect who is responsible?

Most stalking is committed by someone the victim knows (around two-thirds, per SPARC). Even if you are not certain, name the most likely suspect on the intake and explain why. A good investigator can validate or rule out the theory with OSINT, account-linkage analysis, and metadata from preserved messages. Naming a suspect early speeds the work; it does not commit you to an accusation.

What is your relationship to the suspect?

Ex-partner, current partner, coworker, former coworker, business associate, family member, online acquaintance, stranger, neighbor, or member of an online community. The relationship determines what legal remedies are available. In North Carolina, a 50B domestic violence protective order applies to certain personal relationships, while a 50C civil no-contact order applies to non-domestic relationships including coworkers, neighbors, and strangers.

Has the suspect stalked, threatened, or harassed you offline too?

Drive-bys, showing up at your workplace, sending packages, contacting your friends or family, slashing tires, and physical confrontations all matter. Offline conduct often elevates the case from civil harassment to criminal stalking, and it changes the safety planning. Tell your investigator and your attorney about every offline incident, even ones you wrote off at the time.

Does the suspect have access to your devices, passwords, or accounts?

If yes, or if you are unsure, assume yes until proven otherwise. Stalkerware, shared Apple IDs, shared Google accounts, family-sharing arrangements, and old shared passwords are the most common backdoors. Do not start changing passwords one at a time before reading the device-hardening section above; a partial sweep often warns the suspect and triggers retaliation.

Has the suspect installed apps or devices on your phone, computer, or car?

Common indicators include rapid battery drain, unexplained data usage, the phone running hot when idle, unfamiliar apps, notifications you do not recognize, and (for vehicles) an AirTag, Tile, or aftermarket GPS tracker. The reliable answer is a forensic examination, not a self-check. iOS Lockdown Mode and Android safety scans help but do not catch everything.

Do you have screenshots, emails, chat logs, voicemails, or call records?

The more you have preserved, the more your investigator and attorney can do. If you have deleted things in the past, say so on the intake, do not pretend otherwise. Some deleted material is recoverable from forensic images or from platform data exports; some is gone. Either way, an honest inventory is the right starting point.

Did you delete anything related to the harassment?

Be honest. Deletion is normal (the messages are upsetting and people want them gone). It is not disqualifying, and a forensic examiner can often recover material from device backups, iCloud, Google Takeout exports, or carrier records. Telling the team early what was deleted, and when, lets them target preservation requests at the right windows before retention runs out.

Have you reported the activity to platforms or service providers?

Note every report you have filed, including the platform, the date, the case or reference number, and the outcome. Even when platforms ignore reports, the record of repeated reports is useful evidence. If you have not filed yet, the device-hardening section above lists the major platforms; file each one in writing and screenshot the confirmation.

Have your accounts been hacked, or have unfamiliar devices logged in?

Check the security or sign-in pages for Google, Apple, Microsoft, Meta, X, and your password manager. Any session you do not recognize is a finding. Capture screenshots before you revoke the session (you want the IP address, the device string, and the timestamp on the record). Set up alerts for every new sign-in so the next intrusion shows up in your inbox the moment it happens.

Have you felt physically unsafe, or have there been threats of violence or self-harm?

This is not a question to minimize. If you are afraid for your physical safety, that fear is itself evidence relevant to a protective-order petition in most jurisdictions. Document the threats verbatim. If the suspect has threatened self-harm in a way intended to control you, name it for what it is and include it in your timeline.

Have you contacted police, or filed any restraining or protective orders before?

Prior reports, prior orders, denials, dismissals, and any documented police interactions are all relevant. Even an unsuccessful prior petition adds to the record of the pattern. Bring report numbers and copies of any prior orders to the intake.

What technical details will the investigator need?

Usernames, email addresses, phone numbers, and aliases used by the suspect; URLs and profile links connected to the harassment; dates and times of incidents; IP addresses or device information when you have them; full message headers; account recovery attempts and login alerts that arrived in your inbox; any handles you have seen the suspect use under different names on different platforms.

Why do you believe the suspect is the person you suspect?

State the motive, the access, the prior conflicts, the writing style, the timing patterns, and any tell or signature (a phrase, a misspelling, a screen name reused across accounts). Even circumstantial evidence helps an investigator narrow the search. Investigators use this kind of soft evidence to set up the technical pivots that produce hard evidence.

Were there any triggering events, and is the harassment coordinated with others?

Breakups, terminations, custody disputes, business disputes, and public statements are common triggers. Coordinated harassment (multiple accounts that surface at the same hour, share the same vocabulary, or amplify each other) suggests either sock-puppet accounts run by one person or an organized group. Both look very different in the data, and an OSINT investigation can usually tell which it is within a week.

How long does a cyberstalking investigation typically take?

An initial triage and preservation pass can complete in a few days. A focused investigation around a known suspect on one or two platforms typically runs two to four weeks. A multi-platform OSINT investigation against an unknown suspect can take six to twelve weeks. Expert-witness affidavits and depositions extend the timeline further. The intake call is where we estimate based on your specific situation.

Is the consultation actually confidential?

Yes. Petronella Technology Group, Inc. holds intake details under a strict confidentiality protocol. When work is performed under an attorney engagement (a Kovel arrangement), the work product is also covered by attorney-client privilege. We do not sell, share, or use your information for marketing outside the engagement.

This guide is informational, not legal advice. Petronella Technology Group, Inc. is a digital forensics and cybersecurity firm, not a law firm. Stalking laws, civil and criminal remedies, and victim-services rules vary by state and change over time. Always consult a licensed attorney in your jurisdiction for advice about your specific situation, and always call 911 if you are in immediate danger. External resources mentioned in this guide (VictimConnect, the National Domestic Violence Hotline, SPARC, NCCADV, Legal Aid of NC, StopNCII.org, Cyber Civil Rights Initiative, ic3.gov) are independent of Petronella Technology Group and operate under their own terms of service.

Resources

Free Hotlines, Helplines, and Referral Networks

VictimConnect Resource Center Free, confidential referral helpline for victims of any crime, including stalking and cyberstalking.
1-855-484-2846 · victimconnect.org
National Domestic Violence Hotline 24/7 confidential support for intimate-partner stalking, abuse, and safety planning.
1-800-799-7233 · Text "START" to 88788 · thehotline.org
Stalking Prevention, Awareness, and Resource Center (SPARC) Practitioner training, state-by-state statute database, and a national directory of stalking-specific resources.
stalkingawareness.org
NNEDV Safety Net National Network to End Domestic Violence project focused on technology safety, stalkerware, and survivor digital security.
techsafety.org
Cyber Civil Rights Initiative Crisis Helpline Specialized support for non-consensual intimate image distribution and image-based abuse.
1-844-878-2274 · cybercivilrights.org
StopNCII.org Free hash-matching tool that helps prevent re-uploads of intimate images to participating platforms.
stopncii.org
FBI Internet Crime Complaint Center (IC3) Federal reporting portal for cyber-enabled crime, including interstate stalking and online threats.
ic3.gov
North Carolina Coalition Against Domestic Violence Statewide directory of local NC programs offering safety planning, court advocacy, and shelter.
nccadv.org
Legal Aid of North Carolina Free civil legal help for low-income North Carolinians, including domestic-violence protective-order assistance.
1-866-219-5262 · legalaidnc.org
NC Address Confidentiality Program Substitute address program for survivors of stalking, domestic violence, sexual assault, and human trafficking.
Administered by the NC Attorney General · NC Courts ACP