Skip to main content
Individuals

Spyware installed by ex-partner: how SAJ Recherche cleaned three devices and preserved evidence

“He knew things he couldn’t possibly know”

A woman from the Amsterdam area contacted SAJ Recherche a few months after her divorce. Her ex-partner — with whom she shared a custody arrangement for their two children — appeared to know what she discussed in private conversations. He reacted to appointments she had never shared with him. During arguments, he quoted fragments from messages she had exchanged with her sister. He knew when she arrived home in the evenings.

“He knew things he couldn’t possibly know,” she told us during the intake. “My lawyer believed me, but without evidence there was nothing we could do.”

Three devices, one investigation

The client had three devices her ex-partner had previously been able to access: an Android smartphone, an iPad and a Windows laptop. All three had been purchased during the relationship. Until three months before the investigation, her ex-partner had access to the home network and knew the passwords to her Apple ID and Google account.

SAJ Recherche conducted a professional malware and spyware scan on all three devices using specialised mobile forensic software (UFED, Cellebrite) and static analysis of installation logs, background processes and network traffic.

Smartphone findings (Android)

On the Android phone, a stalkerware application was discovered masquerading as a system tool called “DeviceManager_v2”. The app had been installed outside the Play Store via sideloading and was not visible in the regular app list. The application:

  • Transmitted location data every two minutes to an external server address
  • Made ambient audio recordings via the microphone during incoming calls
  • Periodically exported WhatsApp and SMS content to cloud storage

The installation date coincided with a day on which her ex-partner had picked up the children and the phone had been left unattended on the kitchen table for a short time.

iPad findings

No separate spyware application was found on the iPad. However, her Apple ID password had not been changed after the divorce. Through Apple’s “Family Sharing” feature, her ex-partner still had access to her calendar, location and cloud storage. An access log showed that this account had been consulted 47 times in the three months preceding the investigation, from an unrecognised device.

Laptop findings

On the Windows laptop, a Remote Access Tool (RAT) was found — software that gives a remote user real-time access to a computer’s screen and files. The software had been installed via a link in an email sent to the client from an address resembling that of her employer.

Evidence secured, forensic report produced

SAJ Recherche documented all findings in a forensic report comprising:

  • Installation dates and methods of the software found
  • Log files of data transfers including timestamps and destination IP addresses
  • Screenshots of background processes and network traffic
  • A forensic copy (bit-for-bit image) of the relevant disk partitions
  • A statement on the provenance of the evidence and the investigation methodology applied

This report was submitted to the client’s solicitor, who introduced it in court as part of custody proceedings. The court ruled that systematic violation of privacy had occurred and constituted a serious infringement of the client’s personal life.

What happened next

In addition to the forensic report, SAJ Recherche advised the client on immediate security measures:

  1. Factory reset all devices after evidence had been preserved
  2. Create a new Apple ID and Google account with a fresh email address
  3. Use a password manager with unique passwords for each service
  4. Enable two-factor authentication on all accounts
  5. Replace the home router and set a new password

After these measures were implemented, her ex-partner’s seemingly “accidental” knowledge stopped abruptly.

Do you recognise this pattern?

Spyware installed by a (former) partner is a form of domestic abuse and constitutes a criminal offence under Dutch law (Article 138ab of the Penal Code — computer intrusion). Victims frequently doubt themselves or feel ashamed — while the technology to carry out this surveillance is increasingly easy to misuse.

Signs your devices may be compromised:

  • Your partner or ex knows things from private conversations
  • Your phone battery drains faster than usual
  • Your phone gets warm when you are not using it
  • Unknown apps or processes visible in the task manager
  • Unexpected data usage spikes on your mobile plan
  • Someone responds suspiciously quickly to locations or plans you never shared

A professional spyware scan typically takes half a day and produces a forensic report that can be used by police, a solicitor or a court.

Have suspicions? Contact us for a confidential conversation. We handle your situation with the discretion it deserves.

SAJ Recherche

SAJ Recherche Editorial

The SAJ Recherche editorial team writes about investigation, fraud, evidence law and security. POB licence 8779.

Share this article

Cite this article

APA

SAJ Recherche (2026). Spyware installed by ex-partner: how SAJ Recherche cleaned three devices and preserved evidence. sajrecherche.com. https://sajrecherche.com/en/blog/spyware-ex-partner-devices-investigation

HTML

<a href="https://sajrecherche.com/en/blog/spyware-ex-partner-devices-investigation">Spyware installed by ex-partner: how SAJ Recherche cleaned three devices and preserved evidence</a> — SAJ Recherche

Do you recognise this situation?

Contact us for a free, confidential consultation about your situation.

Get in touch 020-782 3222