This DoD lab's mission is shaping future cyber investigations
Interview transcript:
Terry Gerton You have a very cool job title. You are the director of the DC3 Cyber Forensics Lab, the DoD Cybercrime Center. Most people probably don't even know that kind of function exists, much less what you do. So I want to give you an opportunity to do that first. Tell us about the lab and its mission.
Kevin Rivera The cyber forensics lab has existed for already about 27 years. I agree with you; I think many across the DoD don't even know that we exist. We've been serving for the last 27 years in the Department of Defense, primarily the Defense Criminal Investigative Organizations in support of their investigations of crimes either against or committed by members of the Department of Defense or somehow affecting the Department of Defense. We do digital forensics of digital media related to those crimes. So when crimes occur and they're investigated, the investigators conduct crime scene searches. They seize evidence. That evidence often is digital evidence in the form of mobile devices, tablets, computers, laptops, gaming systems, etc. And those evidence items have artifacts of relevance to those crimes very often. Our job is to look at those devices and find the artifacts that are related to the criminal activity and either support or refute the allegations against those individuals.
Terry Gerton It sounds very much like what we might see in a TV show. What are some of the more interesting cases that you've been involved in?
Kevin Rivera One of our specialties is recovering data from damaged media or media that stops working properly. We have the expertise and specialized skill sets here with our subject matter experts that are able to troubleshoot those broken or failing devices, determine what about them has failed, repair or replace those failing parts, and get those items back to functioning so that we can pull the data off of them and then analyze it. A customer recently came to us with a server that was eight drives that comprised about 800 terabytes of data. Forty terabytes of that data was critical to that organization and the server had failed. So they came to us, not knowing who else they could turn to, to recover that critical data that was not replaceable. Long story short, within about three weeks' time of troubleshooting and a collaborative team effort here at the Cyber Forensics Lab, we were able to troubleshoot, identify and replace the failed parts, get those hard drives back to working condition, and then recover and reconstruct that data and return it to the customer.
Terry Gerton So that sounds like a case where it wasn't a crime, it was just a failure of hardware. So you're tackling both hardware failures and also malware or cyber crime or other sorts of things I'm not even sure I could imagine.
Kevin Rivera That's correct. We also support the defense industrial base and the Department of Defense from a cybersecurity perspective. We do malware analysis, malware reverse engineering, cyber intrusion forensics to identify if an intrusion has taken place. If it has, we identify for the investigative agencies where that attack came from, how that initial computer or point of entry was compromised and help them further those investigations to bring justice to the offenders.
Terry Gerton I'm speaking with Kevin Rivera. He's the director of the DC3 Cyber Forensics Lab. You mentioned that the lab's been in existence now almost 30 years. I would imagine you've seen quite a difference in mission and problem sets from when you began to where you're operating at today. What are the most significant changes in that timeframe?
Kevin Rivera The most prolific change that I've seen in the almost 20 years that I personally have been here at the Cyber Forensics Lab, back in the early 2000s, we were investigating and analyzing computer hard drives. Nowadays, in 2025, almost 2026, every person essentially in America that's walking around is walking around with a computer in their pocket. Most of us call them our cell phones. And every one of those devices has just an enormous volume of data. And that's just one device that almost every person has. Many people also have laptops and computers and they're moving around and conducting digital activities across a variety of different devices. So the investigations into those devices and to find the artifacts of relevance have become increasingly complex as we have to correlate activity between multiple devices for a single offender and attribute how the offender is obtaining the data, whether it's child sexual assault material or whether it is artifacts related to a conspiracy to hurt somebody or you name it, anything that you can imagine, we've probably seen it here at the Cyber Forensics Lab. The complexity and the volume of data just continue to explode on orders of magnitude.
Terry Gerton You mentioned also the technology challenges. I would imagine that the forensics mission has got to evolve as quickly as technology does. And these days, of course, if we insert AI into that equation, it gets even more complicated. What would you say are the toughest technology challenges that your team faces today?
Kevin Rivera I think one of the most difficult challenges that we face is the encryption of digital data. The encryption is becoming increasingly complex. Apps are exploding onto the scene of availability, again, on orders of magnitude, and the number of apps that are available to folks. Where offenders are looking to conceal their activities, they never run out of creativity in how they might go about that. And there's always more and more apps exploding onto the scene that make that possible for them to try to conceal the things that they're doing and make it hard for the eventual would-be investigator to uncover what they've been doing by analyzing those devices. So the encryption of those apps and the data in those apps, I think, is probably the most challenging issue that we face.
Terry Gerton And you mentioned also that you work not only across the service lines there within DoD, but you work across agencies, you support DOJ investigations, you also work with the defense industrial base. How complex are all of those collaborations and how do you integrate operations across those various facets?
Kevin Rivera It's very challenging, I will say. When we're supporting an intrusion investigation that's affected the defense industrial base, we are often working, not necessarily collaboratively, but in parallel with probably a commercial incident response firm that's essentially a hired gun by the corporation that's been compromised. To come in and try to protect the integrity and reputation of that company, because as we know, major defense contractors that are compromised, that's a blemish on their record as far as a contractor that's appealing for the department to work with. Because as the Department, we value the privacy of our information. It's important for us for national security to be able to protect and keep that information safe.
Terry Gerton We hear every day about cyber threats. I can't imagine there are very many slow days for you there at the lab. But as you look forward, are there upcoming initiatives or new technologies maybe that you're looking forward to that will help shape the digital investigation field?
Kevin Rivera I think a field that everyone across the DoD is trying to lean into is learning how to understand and analyze the artifacts associated with critical infrastructure, because that's one of our nation's biggest points of vulnerability. It spreads across a variety of industry sectors and the hardware that's in use in those infrastructures is such a wide range of hardware that has proprietary software running on it, computers that are 25 years old that they can't update because it would break something and cause something to stop working properly. The vulnerability that exists across that range of territory is astronomical.
Terry Gerton And you're looking at the pieces after an attack or an event has already happened. What do you wish people knew on the front end that could protect themselves, their devices, and their information from cyber threats?
Kevin Rivera I think that the old adage of "be careful what you click on" is probably the most predominant suggestion that I could give to anybody. Spear phishing and spam, we see it all the time and we take it for granted, but it really presents a great risk to the everyday user. Clicking on those links - because of what we do now with our digital devices, and so many of us are doing mobile banking and interacting with the Social Security Administration - and all these different things that we take for granted, we're putting out there by way of doing that the possibility that somebody could compromise our device and steal our identity very easily.
The post This DoD lab's mission is shaping future cyber investigations first appeared on Federal News Network.

© U.S. Marine Corps Forces Cybersp/Staff Sgt. Jacob Osborne