Computer Forensics and Data Recovery Lab
Group-IB's computer forensics and data recovery lab offers both judicial and non-judicial (commercial) forensics investigations of computer information and technology. Our lab is equipped with the latest data recovery tools, equipment for working with hardware data media without changing its contents, and specialized file system forensics software. Group-IB's lab specialists have vast experience in the computer forensics field and their expert determinations are held in high regard by Russian law enforcement agencies and courts.
Group-IB's forensics experts provide the following services:
- Collecting evidence about an IT security incident, including computer data, and creating legal documentation.
- Providing investigative expertise in the detection, identification and seizure of hardware data media.
- Hardware data media forensics, including examinations ordered by law enforcement agencies and courts, per a client's questions and needs.
- Court-ordered forensic investigations of hardware data media and computers, including DVR media, cellphones, and other portable devices.
- Data recovery, for both ongoing court trials and commercial (out of court) investigations.
- Audits to detect the use of unlicensed software.
- Investigation of malicious software to determine its algorithms, functions, and network interactions.
- Searching and obtaining information from encrypted documents and archives.
- Reviewing expert determinations of other organizations, including those which are part of ongoing proceedings in criminal and civil cases.
All forensic investigations, including those court-ordered, are conducted in accordance with the requirements of the Russian legal system and follow policy guidelines from leading national expert institutions and international organizations, and are admissible as evidence to courts both in Russia and other countries. Independent forensic investigations and analyses conducted by our lab experts serve as crucial sources of information during criminal investigations. The methodologies and goals of unlawful acts are elucidated and the responsible parties are pinpointed.
Group-IB's commercial and judicial computer forensics investigations address the following questions:
- Signs of unauthorized access to information systems and their cryptographic components.
- Presence of specific information such as keywords, whether explicit or implicit (hidden, remote, or encrypted), including within images, documents, and correspondence.
- Presence of a given piece of software, whether installed or not, and this software's configuration.
- Event chronology of an IT security incident.
- Computer information inalterability and integrity after seizure and investigation.
Any information provided by the client, as well as any information gained as a result of the forensic investigation, is strictly protected per a bilateral non-disclosure agreement and maintained by Group-IB lab personnel with specialized training. Experts' access to available data and information is regulated and constantly monitored, and is restricted in part by the immediate tasks being carried out. Information is automatically encrypted within our forensic employees' workspaces.

