Cyber Forensics Laboratory Overview

The Cyber Forensics Laboratory performs Digital and Multimedia (D/MM) forensic examinations, repairs damaged devices and extracts otherwise inaccessible data from them, and provides expert testimony in legal proceedings for DC3 customers. The lab's robust intrusion and malware analysis capability supports law enforcement, counterintelligence, and Defense Industrial Base activities and operations.

The Cyber Forensics Laboratory also works with the Defense Cyber Operations Panel (which consists of Defense Criminal Investigative Organizations and Military Department Counterintelligence Organizations) to develop requirements and set standards for digital investigations as new technologies emerge and evolve.

The Cyber Forensics Laboratory is an accredited lab under ISO 17025 by the ANSI National Accreditation Board, and its operations are subject to strict quality control and peer review. The Cyber Forensics Laboratory produces results which are valid and reliable, based on conditions and methods which are repeatable.

• Digital and Multimedia (D/MM) forensic examinations
• Device Repair
• Data Extraction
• Expert Testimony for DC3 Customers

If you need quick information, let us know!
On your Service Request form, indicate what information you'd like to have sooner than the end of a final exam. Please be aware that Quick Look results are not a final report and do not replace your exhaustive forensic examination. These results are not intended to stand on their own in a judicial process.

Contact Us

Cyber Forensics Laboratory Customer Support & Intake
Phone: 410-981-0310
DSN: 622-2595
Email: afosi.dc3.cflintake@us.af.mil

Forensic Operations and Services

Cyber Forensics Laboratory's D/MM forensic processes include:

  • Counterterrorism
  • Counterintelligence Matters
  • Crime Against Persons & Property
  • Fraud
  • Embedded Systems & Supply Chain Analysis
  • Network Intrusions
  • Malware Reverse Engineering & Analytics
  • Enhancing Video & Voice Recordings
  • Aircraft Mishaps
  • Damaged Media & Submerged Devices
  • Cell Phones, Tablets & Other Smart Devices
  • Encrypted Media
  • Locked Mobile Devices
  • Vehicle Infotainment/Telematics
  • Internet of Things (IoT) Devices
  • Other Emerging Technologies

How To Submit A Case

If you have any questions, please contact Cyber Forensics Laboratory Customer Support at afosi.dc3.cflintake@us.af.mil.

Step 1 - Download

Select and download the appropriate form from the list below.

Step 2 - Complete

Complete the form, providing as much information as possible, and be sure to sign it. Please contact Cyber Forensics Laboratory Intake for coordination.

Step 3 - Print

After completing and signing the form, please print out a copy to include with your evidence submission.

Step 4 - Submit

Mail the complete and signed form along with original evidence to Cyber Forensics Laboratory (send all power cables and unique data interface cables).

  Data Tape, Log File, and Multimedia Submission Tips

Call Cyber Forensics Laboratory Customer Support & Intake at 410-981-0310 or DSN 622-2595 for the address.


Forms

Note: If you encounter any issues downloading or viewing the forms below (such as a "Please wait..." page), follow the instructions here to change your browser settings.
You may need to right-click the link and select "Save Link As..." to download the file. For guidance and assistance with forms, please contact Cyber Forensics Laboratory Customer Support & Intake at 410-981-0310 or DSN 622-2595, or email afosi.dc3.cflintake@us.af.mil.

Damaged Media Recovery Tips

These tips can significantly increase the chances of success in your recovery when submitting items for Damaged Media Recovery.

Do not attempt to recover data from a damaged device
Many people have sent Cyber Forensics Laboratory devices that could have been recovered, but their attempts made additional recovery impossible.

Please advise if you plan to perform the examination of the data yourself after recovery
Include a drive for the data when you submit your package.

If the device is visibly broken, collect and send all pieces
Even very small pieces may have critical components, or contain information and clues that can be very useful in the repair of the device.

Attempt to prevent the device from further damage and contamination from its surrounding environment

Hard drives that contain platters are extremely sensitive to any kind of particles in the air
If you are sending a hard drive that has a breach exposing the internal cavity of the drive to the outside environment, attempt to stop continued contamination by sealing the drive in an anti-static bag or other means with equal or greater physical and environmental protection.


Submerged Items

Several factors come into play when preparing captured devices for shipment and/or storage if they have been submerged. These factors will determine whether or not the item should remain submerged in its original substance and what other kinds of preparations should be made on the device. If you are unsure about how to send your evidence, contact us for proper handling instructions.
 
  • How long has it been submerged?
  • What is the substance in which it is submerged?
  • What kind of device is it?