Prevention
- Security Assessment
- Red Teaming
- Pre-IR Assessment
- Compromise Assessment
- Anti-Piracy
- Brand Protection
- GIB Crypto
Digital Forensics and Malware Analysis
Evidence that fights back. Our forensic and malware analyses have helped victims of infamous hacker groups come out as victors in courts of law. Our experts can do the same for your company.
The largest digital forensic laboratory in Eastern Europe
15 years of expertise in e‑discovery and malware analysis
1000+ successful investigations around the globe
Proprietary training course, acclaimed by Interpol & Europol
Group-IB difference
The company has grown out of the cyber detective agency, preserving the goal-oriented approach. We take the responsibility getting the data you need to pursue the attackers and come out as victors in courts of law.
Our multiple data sources and proprietary investigational tools enable us to work on complex and knowledge-intensive cases. We boast unparalleled expertise when it comes to dealing with threats from the Russian-speaking world.
Valery Baulin
Head of Digital Forensics Lab
Multiple levels of analysis
Get additional levels of the evidence analysis: world-class Threat Intelligence and cutting-edge technologies to investigate the tactics and infrastructure of the attack.
Team reinforcement
Have trusted advisors you can turn to in any case: whether it is a one-time request for expertise, support in the investigation or supporting the evidence in court.
Our Laboratory provides a full range of high-expertise services
Digital Forensics
Mobile forensic systems for correct seizure and copying of information for forensic examinations initiated independently or by law enforcement agencies
Learn moreAdvantages of Group-IB forensic examinations:
- We extract the maximum useful information from objects under examination and interpret the collected evidence accurately and comprehensively.
- We guarantee that opinions of our forensic specialists will be accepted by courts as adequate evidence for civil, administrative and criminal proceedings.
- All the examinations are conducted within time limits specified when materials are submitted for analysis.
Malware Analysis
Unique tools for detecting malware and traces of hacker attacks, including those among deleted and encrypted data
Learn moreGroup-IB analysts from Forensic Laboratory use the hi-tech equipment to search for malware on HDD firmware level. This allows revealing hidden subpartitions, where malicious programs hide from formatting and other traditional methods for disk cleaning.
We examine malware considering the confidentiality requirements, such as blocking any network interactions of harmful programs. You get a comprehensive diagnosis and recommendations on further steps without additional risks.
Collectionof digital evidence
Correctly collected and documented digital evidence base for further investigation or case preparation for the court
Learn more20% of in-house investigations face challenges at the stage of interaction with law enforcement agencies due to mistakes in digital evidence gathering and documentation. Group-IB’s forensic experts:
- Provide preliminary consultation
- Organize a prompt visit to the incident location
- Determine the evidence information sources
- Collect and document the evidence in compliance with the law requirements
- Prepare the documentation to present the evidence correctly
- Consult with authorized representatives about measures needed to stop the incident
How we can help you
Trust an investigation to top tier experts
It can be difficult to attract in-house digital forensic specialists and continuously develop their skills. Group IB’s experts are steeped in threat intelligence and can complement your team’s efforts anywhere in the world
Provide accurate information about the incident
We reconstruct incident timelines and provide insights into the motivation behind the attack and the level of employee involvement. Our work complies with government regulations, such as GDRP and CERT requirements.
Detect residual malicious code in your network
We help to identify the scope of compromise correctly, detect all the affected devices and help to clear the network. It is critical to be sure the incident response team didn't miss anything to prevent further attacks.
Put up actionable digital evidence
Specialists with 10+ years experience collect digital evidence without affecting data integrity, preserve and analyze it. This provides a basis and data for further investigation.
Help to build a strong case for court
Prepare your legal team and build your case in court. GIAC certified our specialists in Digital Forensics and Malware Analysis. Their reports are admissible in international courts.
Reinforce and educate your team
Add to the competences of your information security specialists outsourcing the malware analysis and forensic examinations. Leverage our advanced knowledge of digital forensics to train your team as well.
Proprietary educational course
Group-IB has successfully introduced and provided our forensic specialists with resources to support our work. The workshop was both enjoyable and highly informative.
Francisco Luis, Europol Cybercrime Center – EC3 Cyber Intelligence TeamGet the new skills
Group-IB forensic specialists developed an educational course that helps cyber-security professionals hone their skills in areas ranging from preserving evidence and hunting down threats, to reverse engineering.
200+ training sessions
Our specialists trained the law enforcement agencies, corporate security teams and universities internationally, as well as the experts of Group-IB official partners, Interpol and Europol.
Group-IB
Digital forensics and malware analysis
Digital forensics and malware analysis
Analyzes
malware rapidly and detects trails leading to the attackers
Links and correlates
evidence with criminal
profilesRecreates
timelines of the incident and motivations behind the attack
Supports
every stage in the presentation of evidence, questioning, and in trial
Educates
professionals in digital
forensicsGathers and recovers
evidence you can use for private investigations or in court
In synergy with Threat Intelligence
Group-IB Threat Intelligence is a state-of-the-art network that works in synergy with digital forensics. By juxtaposing evidence with the latest threat data, we speed up the research process and correlate cases with criminal profiles. It allows to get some analysis results, such as preliminary malware data, within a few hours after the evidence is collected.
Huge database
100,000+ criminal profiles that can be matched to your case
Structured data
Data, related to security, is relentlessly gathered since 2003
International recognition
Threat intelligence recognized in Gartner, IDC, Forrester reports
Malware code analysisThorough malware analysis is vital in investigating complex attacks. Our analysts go through vast amounts of real malware samples daily and hold the internationally recognized GIAC certification in Digital Forensics and Malware Analysis. We regularly share threat research on the activities of the infamous hacker teams which is based on the findings of the malware analysis team.More Threat Research
Partnerships and certification
Official Еuropol (2015) and INTERPOL (2017) partner
Recommended by the Organization for Security and Cooperation in Europe (OSCE)
Certified by GIAC in Digital Forensics and Malware Analysis
We will make sure you follow the right traces and don’t overlook valuable evidence
Get immediate assistance from the largest Forensic Laboratory in Eastern Europe.
Digital Forensics
Mobile forensic systems for correct seizure and copying of information for forensic examinations initiated independently or by law enforcement agencies
Advantages of Group-IB forensic examinations:
- We extract the maximum useful information from objects under examination and interpret the collected evidence accurately and comprehensively.
- We guarantee that opinions of our forensic specialists will be accepted by courts as adequate evidence for civil, administrative and criminal proceedings.
- All the examinations are conducted within time limits specified when materials are submitted for analysis.
Clientless Malware
Detection
Clientless Malware Detection
Unique tools for detecting malware and traces of hacker attacks, including those among deleted and encrypted data
Group-IB analysts from Forensic Laboratory use the hi-tech equipment to search for malware on HDD firmware level. This allows revealing hidden subpartitions, where malicious programs hide from formatting and other traditional methods for disk cleaning.
We examine malware considering the confidentiality requirements, such as blocking any network interactions of harmful programs. You get a comprehensive diagnosis and recommendations on further steps without additional risks.
Collection of digital
evidence
Collection of digital evidence
Correctly collected and documented digital evidence base for further investigation or case preparation for the court
20% of in-house investigations face challenges at the stage of interaction with law enforcement agencies due to mistakes in digital evidence gathering and documentation. Group-IB’s forensic experts:
- Provide preliminary consultation
- Organize a prompt visit to the incident location
- Determine the evidence information sources
- Collect and document the evidence in compliance with the law requirements
- Prepare the documentation to present the evidence correctly
- Consult with authorized representatives about measures needed to stop the incident