Question: What is a Degree in Digital Forensics?

Answer: A digital forensics degree is a professional degree, typically at the master’s level, that prepares students for work in the field of cybersecurity, investigating computer hacks, data breaches, and other unlawful and unauthorized penetrations of digital networks. A degree in digital forensics provides technical training in computer science as well as instruction in the protocols for collecting digital evidence and prosecuting cyber crimes.

What is Digital Forensics?

Digital forensics is a branch of cybersecurity that focuses on discovering and investigating anomalous, unauthorized, and illegal activity in the realm of cyberspace. This includes but is not limited to malware attacks, hacking, data systems breaches, network disruptions, and other incidents and incursions that may compromise the integrity of digital infrastructures and threaten the safety, privacy, and security of individuals, communities, organizations, businesses, and governments. Digital forensics specialists rely on technical expertise in computer programming, computer operating systems, network architecture, and cryptography to identify potentially unlawful and/or unauthorized activity, collect and preserve evidence of an incursion, and investigate the source of an attack. Digital forensics may also involve studying the psychology of criminal behavior to better understand how cyber crimes are perpetrated, and learning about the criminal justice system and legal procedures for prosecuting cyber criminals.

Digital Forensics Degree Programs

As a discrete area of academic study, digital forensics is a relatively new field that is evolving to keep pace with technological innovation. While rooted in the established practice of forensic science, digital forensics relies on technical proficiencies in computer science and engineering rather than the natural sciences (biology, chemistry, and physics). As a result, digital forensic degree programs are typically offered through schools of computer science and engineering and within cybersecurity programs, although there are criminal justice and forensic science programs that offer a concentration in digital forensics.

While there are colleges and universities that offer undergraduate coursework in digital forensics and a few that offer a bachelor’s degree curriculum in digital forensics, digital forensics degree programs are more commonly offered at the master’s level. There is no formal naming convention for these master’s programs, but they are generally designated as follows:

  • Master of Science in Computer Forensics
  • Master of Science in Digital Forensics and Cyber Investigation
  • Master of Science in Cybersecurity – Digital Forensics Concentration
  • Master of Science in Digital Investigations
  • Master of Science in Forensic Computing
  • Master of Science in Information Networking – Computer Forensics and Incident Response Track
  • Master of Criminal Justice – Cybercrime Investigation Concentration

Areas of Study in a Digital Forensics Degree Program

The Forensic Science Education Programs Accreditation Commission (FEPAC) offers accreditation and curricular guidance for traditional forensic science baccalaureate and graduate degree programs, a subset of which are digital forensics programs. However, there is no formal accrediting body that sets curricular standards for digital forensics degree programs at this time. To fill this void, there are ongoing government-funded initiatives aimed at developing curricular guidelines and recommendations for digital forensics degree programs. The US Department of Justice’s Technical Working Group for Education and Training in Digital Forensics published a list of proficiencies in digital forensics, which include:

  • Identify, preserve and collect digital devices in the field including networked and/or other advanced components
  • Preserve and collect digital evidence involving a network and/or other advanced components
  • Document crime scene and sources of digital evidence
  • Acquire, validate and restore forensic images from a variety of digital devices
  • Demonstrate knowledge of computer hardware and architecture
  • Locate potential evidence in a variety of digital media devices
  • Demonstrate an understanding of computer and network components and their interactions
  • Effectively communicate technical findings both verbally and in writing

The same report recommended areas of technical knowledge that should be considered central to the study of digital forensics:

  • Storage media
  • Operating systems
  • File systems
  • Database systems
  • Network technologies and infrastructures
  • Programming and scripting
  • Computer security
  • Cryptography
  • Software tools
  • Validation and testing tools

Digital forensics degree programs should provide training in relevant areas of computer programming, network and operating systems design, and cryptography, as well as in the protocols for cyber investigations. A digital forensics degree program should also include coursework in legal and compliance issues related to digital forensics and training in the procedures for responding to cyber threats and incidents. The Department of Homeland Security’s National Initiative for Cybersecurity Careers and Studies website includes an extensive list of KSAs (knowledge, skills, and abilities) for digital forensics professionals, and delineates many of the tasks performed by digital forensics specialists, which may offer further guidance to prospective applicants to digital forensics degree programs.