Prevention
- Security Assessment
- Red Teaming
- Compliance Audit
- Pre-IR Assessment
- Compromise Assessment
- Cyber Education
- GIB Crypto
Digital Forensics and Malware Analysis
Evidence that fights back. Our forensic and malware analyses have helped victims of infamous hacker groups come out as victors in courts of law. Our experts can do the same for your company.
Industry leader in digital forensics
17 years of expertise in
1,200+ successful investigations around the globe
Proprietary training course, acclaimed by INTERPOL & Europol
Group-IB’s evolution
The company has developed from a cyber detective agency and maintained a goal-oriented approach. We take responsibility for obtaining the data you need to pursue attackers and come out victorious in courts of law.
Our pool of data sources and proprietary investigational tools allow us to work on complex and knowledge-intensive cases. We boast unparalleled expertise when it comes to dealing with threats from the Russian-speaking world.
Valery Baulin
Head of Digital Forensics Lab
Multiple levels of analysis
Benefit from additional levels of evidence analysis: world-class Threat Intelligence & Attribution and cutting-edge technologies to investigate the tactics and infrastructure involved in attacks.
Team reinforcement
Work with trusted advisors you can turn to in any situation: whether it is a one-time request for expertise, ongoing support in an investigation, or help obtaining evidence for a court case.
Our Laboratory provides a full range of high-expertise services
Digital Forensics
Mobile forensic systems to ensure that information for forensic examinations, initiated independently or by law enforcement agencies, is correctly seized and copied
Learn moreAdvantages of Group-IB forensic examinations:
- We extract the maximum amount of useful information from objects under examination and interpret the collected evidence accurately and comprehensively.
- We guarantee that the opinions of our forensic specialists will be accepted by courts as adequate evidence for civil, administrative and criminal proceedings.
- All the examinations are conducted within the time limits specified when the materials are submitted for analysis.
Malware Analysis
Unique tools for detecting malware and traces of hacker attacks, including those among deleted and encrypted data
Learn moreGroup-IB analysts from the Forensic Laboratory use high-tech equipment to search for malware at the HDD firmware level. This allows revealing hidden subpartitions, where malicious programs hide from formatting and other traditional methods for disk cleaning.
We examine malware while taking into consideration confidentiality requirements, for example by blocking any network interactions with harmful programs. We provide a comprehensive diagnosis and recommendations on further steps without additional risks.
Collectionof digital evidence
Correctly collected and documented digital evidence forms the basis for further investigation or case preparation for court proceedings
Learn moreClose to 20% of in-house investigations face challenges during interactions with law enforcement agencies due to mistakes in digital evidence gathering and documentation. Group-IB’s forensic experts:
- Provide preliminary consultations
- Promptly visit the incident location
- Determine the information sources for the evidence
- Collect and document evidence in compliance with legal requirements
- Prepare the documentation so that evidence is presented correctly
- Consult with authorized representatives about measures required to stop the incident
How we can help you
Entrust the investigation to top tier experts
It can be difficult to attract in-house digital forensics specialistsand continuously develop their skills. Group IB’s experts are steeped in threat intelligence and can complement your team’s efforts anywhere in the world
Provide accurate information about the incident
We reconstruct incident timelines and provide insights into the motivation behind the attack and the level of employee involvement. Our work complies with government regulations, such as GDRP and CERT requirements.
Detect residual malicious code in your network
We help identify the scope of compromise correctly, detect all the affected devices, and clear the network. It is crucial to be certain that the incident response team did not overlook anything to prevent further attacks.
Put up actionable digital evidence
Specialists with 10+ years of experience collect digital evidence without affecting data integrity, then preserve and analyze it. This provides a basis and data for further investigations.
Help build a strong court case
Prepare your legal team and build your case for court. Our specialists are GIAC certified in Digital Forensics and Malware Analysis. Their reports are admissible in international courts.
Strengthen and educate your team
Add to the competences of your information security specialists by outsourcing malware analysis and forensic examinations. Leverage our advanced knowledge of digital forensics to train your team at the same time.
Proprietary educational course
Group-IB has successfully introduced and provided our forensic specialists with resources to support our work. The workshop was both enjoyable and highly informative.
Francisco Luis, Europol Cybercrime Centre – EC3 Cyber Intelligence TeamDevelop new skills
Group-IB forensic specialists have developed an educational course that helps cybersecurity professionals hone their skills in areas ranging from evidence preservation and threat detection to reverse engineering.
200+ training sessions
Our specialists have trained law enforcement agencies, corporate security teams, and universities around the world, as well as experts within Group-IB’s official partners: INTERPOL and Europol.
Group-IB
Digital forensics and malware analysis
Digital forensics and malware analysis
Analyze
malware rapidly and detects trails that lead to the attackers
Link and correlate
evidence with criminal
profilesRecreate
timelines of the incident and motivations behind the attack
Support
every stage of evidence presentation and questioning, including during trials
Educate
professionals in digital
forensicsGather and recover
evidence you can use for private investigations or in court
In synergy with Threat Intelligence & Attribution
Group-IB’s Threat Intelligence & Attribution is a state-of-the-art network that works in synergy with digital forensics. By juxtaposing evidence with the latest threat data, we speed up the research process and correlate cases with criminal profiles. This makes it possible to obtain some analysis results, such as preliminary malware data, within a few hours of the evidence being collected.
Huge database
100,000+ criminal profiles that can be matched to your case
Structured data
Security-related data has been relentlessly gathered since 2003
International recognition
Group-IB’s Threat Intelligence & Attribution is recognized in Gartner, IDC, and Forrester reports
Malware code analysisThorough malware analysis is vital when investigating complex attacks. Our analysts examine vast amounts of real malware samples daily and hold the internationally recognised GIAC certification in Digital Forensics and Malware Analysis. We regularly share threat research on the activities of infamous hacker teams, which is based on the findings of the malware analysis team.More Threat Research
Whitepapers
Mobile Forensics
The possibilities of mobile forensics: extraction, investigation, and crime solving
eDiscovery
Basics, methods and techniques of strategic digital evidence management
Ransomware
The complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®
Lock like a Pro: How Qakbot fuels enterprise ransomware campaigns
Enterprise ransomware is gaining momentum. Learn about one of the biggest players of the game, ProLock, and its unique kill chain.
Egregor ransomware: The legacy of Maze lives on
The new gang may be young, but it is already doing serious damage.
Mobile Forensics
The possibilities of mobile forensics: extraction, investigation, and crime solving
eDiscovery
Basics, methods and techniques of strategic digital evidence management
Ransomware
The complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®
Lock like a Pro: How Qakbot fuels enterprise ransomware campaigns
Enterprise ransomware is gaining momentum. Learn about one of the biggest players of the game, ProLock, and its unique kill chain.
Egregor ransomware: The legacy of Maze lives on
The new gang may be young, but it is already doing serious damage.
Thank you for your interest in our materials
Please enter your corporate e-mail address for downloading the whitepaper.
Thank you for your interest in our materials
Please enter your corporate e-mail address for downloading the whitepaper.
Thank you for your interest in our materials
Please enter your corporate e-mail address for downloading the whitepaper.
Thank you for your interest in our materials
Please enter your corporate e-mail address for downloading the whitepaper.
Thank you for your interest in our materials
Please enter your corporate e-mail address for downloading the whitepaper.
Partnerships and certifications
Official Еuropol (2015) and INTERPOL (2017) partner
Recommended by the Organization for Security and Cooperation in Europe (OSCE)
Certified by GIAC in Digital Forensics and Malware Analysis
We make sure you follow the right traces and do not overlook valuable evidence
Get immediate assistance from the largest Forensic Laboratory in Eastern Europe.
Digital Forensics
Mobile forensic systems to ensure that information for forensic examinations, initiated independently or by law enforcement agencies, is correctly seized and copied
Advantages of Group-IB forensic examinations:
- We extract the maximum amount of useful information from objects under examination and interpret the collected evidence accurately and comprehensively.
- We guarantee that the opinions of our forensic specialists will be accepted by courts as adequate evidence for civil, administrative, and criminal proceedings.
- All the examinations are conducted within the time limits specified when the materials are submitted for analysis.
Clientless Malware
Detection
Clientless Malware Detection
Unique tools for detecting malware and traces of hacker attacks, including those within deleted and encrypted data
Group-IB analysts from the Forensic Laboratory use high-tech equipment to search for malware at HDD firmware level. This helps reveal concealed subpartitions where malicious programs hide from formatting and other traditional methods of disk cleaning.
We examine malware while taking into consideration confidentiality requirements, for example by blocking any network interactions with harmful programs. We provide a comprehensive diagnosis and recommendations on further steps without additional risks.
Collection of digital
evidence
Collection of digital evidence
Correctly collected and documented digital evidence forms the basis for further investigation or case preparation for court proceedings
Close to 20% of in-house investigations face challenges during interactions with law enforcement agencies due to mistakes in digital evidence gathering and documentation. Group-IB’s forensic experts:
- Provide preliminary consultations
- Promptly visit the incident location
- Determine the information sources for the evidence
- Collect and document evidence in compliance with legal requirements
- Prepare the documentation so that evidence is presented correctly
- Consult with authorised representatives about measures required to stop the incident
Awards and recognition
Forensics - Group-IB Digital Forensic
eDiscovery – Group-IB eDiscovery