Conducting a forensic investigation is an important part of investigating an information security incident, because data media may contain information which could shed light on the circumstances of the incident, as well as help in identifying the persons responsible. As a result of the received information, the determination of the forensic investigation can be used as evidence. However, such a determination should be made by an experienced independent specialist using proper forensic techniques and tools.
Forensic investigation of computer information and computer equipment is performed on the basis of the following:
- Order for a forensic investigation by law enforcement and judicial authorities;
- Inquiries from law enforcement agencies;
- Agreements with individuals and legal entities.
Group-IB’s specialists perform the following range of services related to conducting forensic investigations:
- Restoring the chronology of any event of an information system;
- Searching for signs of possible unauthorized access;
- Extraction and analysis of correspondence (email and instant messaging);
- Searching based on set criteria;
- Forensic investigation of mobile devices;
- Investigation of databases;
- Investigation of skimming devices;
- Investigation of network and RAM dumps;
- Searching for presence of malware;
- Investigation of the contents of encrypted archives;
- Comparison of software for signs of plagiarism;
- Ensuring integrity (inalterability) of the contents of digital data media after its seizure.
All forensic investigations, including court ordered forensics, are conducted in accordance with the requirements of Russian legislation, taking into account the guidelines of leading governmental expert institutions in Russia, as well as international organizations, and are accepted as admissible court evidence in Russia and around the world.
As a result of the forensic investigation, the client is provided with documentation containing substantiated answers to the raised issues along with other information relevant to the case.
The results of computer forensic investigation are presented in the following forms:
- Expert determination (for forensics conducted based on law enforcement agency requests and agreements with legal entities and individuals);
- Expert determination (for forensics conducted based on court or law enforcement orders).
The determinations made by Group-IB’s experts can be used to initiate criminal proceedings, or become additional evidence in an ongoing criminal case. Moreover, the forensic investigation results can be transferred to Group-IB’s Investigations Division in order to investigate information security incidents.
Forensic investigations of digital data media are the basis of a comprehensive investigation of information security incidents and cybercrime. The cost of mistakes at this stage is extremely high, so the appropriate investigation should only be entrusted to highly qualified professionals with the necessary competence and equipment.
As a result of our experts conducting a forensic investigation, you will receive the following:
- Accuracy of the findings. Investigation of computer data is conducted by proper forensic methods, ensuring high levels of reliability of the results. This is achieved by using hardware and software write blockers, as well as investigating copies of the data media contents.
- Completeness of the findings. All materials transferred to Group-IB’s lab undergo comprehensive and thorough investigation, conducted in accordance with the latest international developments in the field of computer forensics, ensuring scientific validity of the results.
- Promptness of the results. Due to the extensive purview of Group-IB’s criminologists and the latest forensic equipment, all investigations are conducted within the timeframe stipulated at the time the materials are transferred for analysis.
- Legal relevance of the determinations. The expert determinations are made by specialists solely in compliance with the requirements of applicable legislations, and contain no procedural errors. This guarantees acceptance as admissible evidence by law enforcement agencies and courts in civil, administrative, and criminal proceedings.