An international cybersecurity company Group-IB that specializes in preventing cyberattacks, has analyzed the documents under the signature of former Moscow anti-doping laboratory director Grigory Rodchenkov. These documents were presented during the hearings in the Court of Arbitration for Sport (CAS) on the case involving Russian biathletes — Olga Vilukhina, Yana Romanova, and Olga Zaytseva. During the investigation, the experts established that the documents contained completely identical images with a signature on them, which were supposedly pasted to these documents from a different source. Similar conclusions have been reached by the British graphologists. This was reported by the lawyer of former biathletes, Alexei Panich, after the first day of CAS hearings in Switzerland.
The experts from international cybersecurity company Group-IB conducted digital forensic analysis of those files that were presented by the client — a law firm, Herbert Smith Freehills CIS LLP. The files provided for analysis were: «Exhibit 43 — Affidavit of Dr. Grigory M. Rodchenkov dated 12 November 2019.PDF» and «Exhibit R-64 — Affidavit of Dr. Grigory M. Rodchenkov dated 22 February 2020.pdf». These files were presented as part of today’s CAS hearings.
Digital forensic examination, conducted by GIAC (Global Information Assurance Certification) certified analysts, revealed that these are two different files from digital forensic standpoint. They have different metadata, such as file size, PDF Version in which they were created, and etc. At the same time, forensic analysis established that page 16 of the PDF file «Exhibit 43 — Affidavit of Dr. Grigory M. Rodchenkov dated 12 November 2019.pdf» and page 6 of the PDF file «Exhibit R-64 — Affidavit of Dr. Grigory M. Rodchenkov dated 22 February 2020.pdf» contain exactly identical, from digital forensic standpoint, element that can be extracted — an image with a signature.

Sergey Nikitin
Deputy Head of the Digital Forensics Lab at Group-IB