JC3 Cyber Forensic Laboratory

WHO WE ARE

• The JC3 Cyber Forensic Laboratory is operated and funded as part of the Joint Cybersecurity Coordination Center (JC3) by the Office of the Chief Information Officer to provide comprehensive services to DOE federal and contractor organizations.
• Our examiners are well-trained professionals with backgrounds from cyber forensic, federal, military and law enforcement agencies.
• Our examiners have achieved numerous industry certifications including: CompTIA A+, CompTIA Network+, MCSE, CISSP, EnCE, EC-Council Certified Ethical Hacker, EC-Council Certified Security Analyst, EC-Council Certified Computer Hacking Forensic Investigator, EC-Council Licensed Penetration Tester, Microsoft Certified Professional, CompTIA CTT+, IACIS Certified Forensic Computer Examiner (CFCE), IACIS Certified Electronic Evidence Collection Specialist Certification (CEECS), DoD Certified Basic Digital Media Collector (CBDMC), DoD Certified Basic Digital Forensic Examiner (CBDFE), and DoD Certified Basic Cyber Investigator (CBCI).
• We are not law enforcement investigators. As experienced cyber forensic professionals, our job is to support the customer by providing detailed findings extracted from digital media.
  

CFL CAPABILITIES

INCIDENT RESPONSE: CFL can assist with evidence search and seizure procedures, documenting the scene of a cyber incident, writing inquiry and investigation reports and providing personnel on-site to assist in cyber incident handling. CFL can assist via phone, email or by traveling to the customer site. Customers are also welcome to ship media to CFL for support.

MEDIA EXAMINATION: CFL will acquire forensically sound images of digital media including mass storage, removable media and mobile devices. CFL maintains legal chain of custody, proper evidence handling and access control at all times. CFL conducts extensive examination of the media using industry-accepted forensic procedures and tools.

DATA RECOVERY: CFL can perform extreme data recoveries which require opening drives in a sterile, particulate free environment, such as drive head removal, cleaning and replacement.

CYBER SECURITY BREACHES: CFL can assist with network intrusions and cyber incident and log analysis, as well as perform penetration testing/ethical hacking within prescribed guidelines.

PRODUCT TESTING AND EVALUATION: CFL can develop a product testing plan and, once approved by the requestor, will test software to the prescribed standards. In addition, CFL can provide white papers to supplement the PTE findings.

SAFE PASSAGE PROGRAM: CFL will obtain a physical scan and a forensic image of a laptop prior to international travel. Upon return, CFL will perform a differential exam and report any physical tampering or significant changes made to the system during travel

THE PROCESS 

You may ship media to be examined via FedEx. For media in Germantown or Forrestal, CFL can arrange for pick up. Once the media is received and assigned to an examiner, the examiner will contact you to discuss the case or update you on the status. The examiner will communicate with you directly during the course of the examination and may issue interim reports throughout the examination process. Once the case is closed, the examiner will issue a final report.

SUBMIT A REQUEST

The preferred method for requesting services has been to complete an online request form. However, this functionality has been temporarily taken offline to facilitate a system upgrade. We apologize for any inconvenience.

To fax or email the word document version of the request form, please click Request Form Document. Fill out the request form completely and fax to 301-725-7186 or email to the following: cfl@jc3.doe.gov.

This form can be used for all CFL service requests including Incident Response, Media Examination, Data Recovery, Penetration Testing, Product Testing and Evaluation (PTE) and Safe Passage Program (SPP) scans.

SEND US MEDIA 

• Prior to sending any media to the CFL, ensure that the request has been approved (request approvals are sent via e-mail to the address provided above.

• Complete and enclose an original copy of the Chain of Custody form with your media (click HERE for an electronic copy of our Chain of Custody document).

• If you have any questions on how to complete the Chain of Custody form or how to properly package media to be sent to the CFL, please phone (301) 497-7713.