Chris Davis, Hyas’s CEO and cofounder, describes his company’s mission as providing “to-the-doorstep attribution,” meaning that it pinpoints attackers’s whereabouts and helps law enforcement apprehend them. “My drive is to locate the bad guy,” he tells Fortune.

Davis is a 2013 recipient of the FBI Director’s Award for Excellence, a prestigious honor made rarer by his non-FBI, non-U.S. background. The cofounder earned the distinction for uncovering and helping to bust a major botnet known as “Mariposa,” which is Spanish for “butterfly.”

“That was the moment attribution jumped to the forefront of what I was trying to do with my life,” he says.

In 2014, Davis founded Hyas, his third startup, out of his basement on Vancouver Island, Canada. The firm sells subscriptions to digital forensics software—called “Comox” after a town in the company’s home region of British Columbia—that helps security analysts investigate breaches.

“Hyas is going beyond threat detection and providing the attribution tools required to actually identify and prosecute cybercriminals,” said Matthew Goldstein, a partner at Microsoft’s M12, in a statement. He said that Hyas’s tech “will help take bad actors off the Internet, and lead to an overall decrease in cybercrime globally.”

Microsoft has frequently cooperated with law enforcement, like the FBI, to squash botnets over the years. (See: Dorkbot, Ramnit, Citadel, Gamarue, ZeroAccess, etc.)

The key to Hyas’s success lies in the deep relationships it has built with infrastructure providers, such as domain name service providers and registrars, Davis says. He helps these businesses identify rogues who may be abusing their systems and, in return, they let Hyas analyze their data.

Hyas then combines this insight with malware analysis, threat intelligence derived from hacker forums and dark web sites, plus certain mobile data, in order to root out racketeers. “We really try to track them across time and space—like an animal, like tagging a bear,” Davis says.

Rivals include cybersecurity firms such as RiskIQ and DomainTools.

Previously, Davis headed threat intelligence at Endgame, then an exploit-crafting hacker shop, after selling the intellectual property of his first startup, Defence Intelligence, to the company in 2011. Davis had barely incorporated his second startup, Oriza Technologies, before he was scooped by CrowdStrike, now one of the world’s most valuable private cybersecurity firms, as part of an “acqui-hire” in 2013.

Davis says he plans to put the new round of funding toward beefing up and launching new products, especially ones that will broaden the Hyas’s offerings to a wider set of cybersecurity practitioners, not just the “top 25%,” Davis says.

Hyas is working on two additional products. The first, called Salt Spring (named after an island in British Columbia), will be designed to provide insight into global computer network compromises, and the second, Saturna (named for another neighboring island), is slated to operate as a kind of “DNS firewall,” a sort of shield for corporate IT systems, in the same vein as products from Cisco’s OpenDNS and Infoblox.

Hyas first raised $1.5 million in “seed” funding in 2016.

In addition to Microsoft, investors in the latest round include Startup Capital Ventures, 205 Capital, Wesley Clover, and cybersecurity veterans Tim Eades, cofounder of network security firm vArmour, and Tom Noonan, cofounder of Endgame.