Malware is an integral part of hi-tech crime. The programs currently used by criminals can perform a wide range of tasks, from the unauthorized copying of confidential information to establishing remote control over a computer.
For a comprehensive investigation of an incident with the use of malware, software suspected of being malicious must be examined to determine its algorithms, functionalities, and network interactions.
Group-IB’s specialists perform the following range of services related to malware investigation:
- Determining the malware’s algorithms;
- Extracting the list of control servers from the malware;
- Documenting the malware’s functional characteristics (for example, its interaction with online banking systems);
- Identifying and documenting the malware’s capabilities for countering forensic investigation and evading detection;
- Documenting changes introduced by the malware into the system registry and the overall file system;
- Identifying and describing other information-related activities of the malware relevant to a criminal case;
- Examining configuration files and additional software modules downloaded by the malware from the Internet (if necessary);
- Correlating the obtained information with other malware samples.
Malware investigation is performed either as an independent investigation or as part of court-ordered technical forensics. All forensic investigations, including court-ordered ones, are conducted in accordance with the requirements of Russian legislation, taking into account the guidelines of leading governmental expert institutions in Russia as well as international organizations, and are accepted as admissible court evidence in Russia and around the world.
As a result of the investigation, the client receives an expert determination, executed in accordance with all applicable legislation, containing the following:
- Description of the malware’s algorithm, its functional characteristics, and network interactions;
- Description of additional software modules and configuration files downloaded by the malware from the Internet;
- Recommendations on using the obtained information for the purposes of investigating the information security incident.
The determinations made by Group-IB’s experts can be used as evidence in a criminal case. Moreover, the forensic investigation results can be transferred to Group-IB’s Investigations Division in order to investigate information security incidents.