Digital Forensics and Malware Analysis
Evidence that fights back. Our forensic and malware analyses have helped victims of infamous hacker groups come out as victors in courts of law. Our experts can do the same for your company.
Industry leader in digital forensics
17 years of expertise in
1,000+ successful investigations around the globe
Proprietary training course, acclaimed by INTERPOL & Europol
Group-IB’s evolution
The company has developed from a cyber detective agency and maintained a goal-oriented approach. We take responsibility for obtaining the data you need to pursue attackers and come out victorious in courts of law.
Our pool of data sources and proprietary investigational tools allow us to work on complex and knowledge-intensive cases. We boast unparalleled expertise when it comes to dealing with threats from the Russian-speaking world.

Valery Baulin
Head of Digital Forensics Lab
Multiple levels of analysis
Benefit from additional levels of evidence analysis: world-class Threat Intelligence & Attribution and cutting-edge technologies to investigate the tactics and infrastructure involved in attacks.
Team reinforcement
Work with trusted advisors you can turn to in any situation: whether it is a one-time request for expertise, ongoing support in an investigation, or help obtaining evidence for a court case.
Our Laboratory provides a full range of high-expertise services
Digital Forensics
Mobile forensic systems to ensure that information for forensic examinations, initiated independently or by law enforcement agencies, is correctly seized and copied
Advantages of Group-IB forensic examinations:
- We extract the maximum amount of useful information from objects under examination and interpret the collected evidence accurately and comprehensively.
- We guarantee that the opinions of our forensic specialists will be accepted by courts as adequate evidence for civil, administrative and criminal proceedings.
- All the examinations are conducted within the time limits specified when the materials are submitted for analysis.
Malware Analysis
Unique tools for detecting malware and traces of hacker attacks, including those among deleted and encrypted data
Group-IB analysts from the Forensic Laboratory use high-tech equipment to search for malware at the HDD firmware level. This makes it possible to reveal hidden subpartitions where malicious programs hide from formatting and other traditional disk-cleaning methods.
We examine malware while taking into consideration confidentiality requirements, for example by blocking any network interactions with harmful programs. We provide a comprehensive diagnosis and recommendations on further steps without additional risks.
Collection of digital evidence
Correctly collected and documented digital evidence forms the basis for further investigation or case preparation for court proceedings
Close to 20% of in-house investigations face challenges during interactions with law enforcement agencies due to mistakes in digital evidence gathering and documentation. Group-IB’s forensic experts:
- Provide preliminary consultations
- Promptly visit the incident location
- Determine the information sources for the evidence
- Collect and document evidence in compliance with legal requirements
- Prepare the documentation so that evidence is presented correctly
- Consult with authorized representatives about measures required to stop the incident
How we can help you
Entrust the investigation to top tier experts
It can be difficult to attract in-house digital forensics specialists and continuously develop their skills. Group-IB’s experts are steeped in threat intelligence and can complement your team’s efforts anywhere in the world.
Provide accurate information about the incident
We reconstruct incident timelines and provide insights into the motivation behind the attack and the level of employee involvement. Our work complies with government regulations, such as GDPR and CERT requirements.
Detect residual malicious code in your network
We help identify the scope of compromise correctly, detect all the affected devices, and clear the network. It is crucial to be certain that the incident response team did not overlook anything to prevent further attacks.
Put up actionable digital evidence
Specialists with 10+ years of experience collect digital evidence without affecting data integrity, then preserve and analyze it. This provides a basis and data for further investigations.
Help build a strong court case
Prepare your legal team and build your case for court. Our specialists are GIAC certified in Digital Forensics and Malware Analysis. Their reports are admissible in international courts.
Strengthen and educate your team
Add to the competences of your information security specialists by outsourcing malware analysis and forensic examinations. Leverage our advanced knowledge of digital forensics to train your team at the same time.
Proprietary educational course
Group-IB has successfully introduced and provided our forensic specialists with resources to support our work. The workshop was both enjoyable and highly informative.
Francisco Luis, Europol Cybercrime Centre – EC3 Cyber Intelligence Team
Develop new skills
Group-IB forensic specialists have developed an educational course that helps cybersecurity professionals hone their skills in areas ranging from evidence preservation and threat detection to reverse engineering.
200+ training sessions
Our specialists have trained law enforcement agencies, corporate security teams, and universities around the world, as well as experts within Group-IB’s official partners: INTERPOL and Europol.
Digital forensics and malware analysis
- Analyze malware rapidly and detect trails that lead to the attackers
- Link and correlate evidence with criminal profiles
- Recreate timelines of the incident and motivations behind the attack
- Support every stage of evidence presentation and questioning, including during trials
- Educate professionals in digital forensics
- Gather and recover evidence you can use for private investigations or in court
In synergy with Threat Intelligence & Attribution
Group-IB’s Threat Intelligence & Attribution is a state-of-the-art network that works in synergy with digital forensics. By juxtaposing evidence with the latest threat data, we speed up the research process and correlate cases with criminal profiles. This makes it possible to obtain some analysis results, such as preliminary malware data, within a few hours of the evidence being collected.
Huge database
100,000+ criminal profiles that can be matched to your case
Structured data
Security-related data has been relentlessly gathered since 2003
International recognition
Group-IB’s Threat Intelligence & Attribution is recognized in Gartner, IDC, and Forrester reports
Partnerships and certifications
Official Europol (2015) and INTERPOL (2017) partner
Recommended by the Organization for Security and Cooperation in Europe (OSCE)
Certified by GIAC in Digital Forensics and Malware Analysis
Advanced protection against cyber threats
Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.
Intelligence
Actionable, finished intelligence to track actors and prevent attacks before they happen
Comprehensive solution to protect corporate network, hunt for threats and respond to even the most complex cyber attacks
Client-side fraud and attack prevention system for online banking, working across sessions, platforms and devices
Protection from bots, fraud and data leakage for e‑commerce and web portals
Get immediate assistance from the largest Forensic Laboratory in Eastern Europe.
Clientless Malware Detection
Unique tools for detecting malware and traces of hacker attacks, including those within deleted and encrypted data
Group-IB analysts from the Forensic Laboratory use high-tech equipment to search for malware at HDD firmware level. This helps reveal concealed subpartitions where malicious programs hide from formatting and other traditional methods of disk cleaning.
We examine malware while taking into consideration confidentiality requirements, for example by blocking any network interactions with harmful programs. We provide a comprehensive diagnosis and recommendations on further steps without additional risks.