Specialization in Cyber Forensics

The Purdue Polytechnic offers a Ph.D. in Technology with a specialization in cyber forensics. All details about the degree including the admission procedures, course structure, faculty and other resources can be found here. Additional details of the Ph.D. specific to the cyber forensics area of specialization are mentioned below.


Curriculum requirements for the cyber forensics specialization includes all the requirements of the Ph.D. in Technology degree with the added constraint that students need to complete 15 credit hours in core cyber forensics courses. The requirements are explained below.

Core Courses

CNIT 55600 - Basic Computer Forensics - 13485
Covers the fundamentals of the maturing discipline of computer forensics. The focus of the course is on gaining a broad understanding of the field of study and how technology and law interact to form this forensic science. Emerging standards and current and future issues related to the field are also explored. Examines law and public policy, the computer forensic methodology, report presentation, and expert witness testimony, as well as anti-forensic techniques that can be used to obfuscate evidence. Students are exposed to theory and practice with lab exercises, thought and term papers, and a practical, as well as written, final exam.

CNIT 55700 - Advanced Research Topics In Cyber Forensics - 45535
Provides students at the advanced degree level the opportunity to expand their knowledge of cyber forensics. Students are expected to have fundamental understanding of cyber forensics and digital forensic science. The emphasis is on directed learning and scholarly inquiry. Possible research topics range from law and public policy to software and/or hardware development. Permission of instructor required.

CNIT 58100 - Cyber Frn Cloud/Virtual Enviro - 69894
There are various architectures of virtual and cloud technology environments placing different emphasis on storage, transmission, and processing of information. The student will develop skills and abilities in evaluating the patterns of evidence within this domain. This course examines the identification and acquisition of digital evidence, residing on hosts or in transmission between hosts, from different network topologies, and protocols. This course will also examine the techniques or processes by which information can be hidden, exposed, examined, and processed in a forensics manner. The fundamental principles of forensics are applied to virtual operating environment and networks.

CNIT 58100 - Cyber Forensics Of File Sys - 69783
The plethora of strategies to store information in different formats continues to expand. This course examines the various media and strategies of storing information and the processes of documenting the collection, imaging, and processing of forensic evidence. Topics include file formats, file systems, hardware, and software involved in forensic investigation. The overall pattern of forensic evidence in file systems will be examine along with the acquisition, analysis, and reporting of evidence artifacts found in file systems. Permission of instructor or graduate standing required.

CNIT 58100 - Cyberforensics Of Malware - 69893
Consumer technologies are rapidly moving forward with items integrating processing, storage, and transmission into their base functionality. The enterprise issues with bring your own device has rapidly expanded requirements on forensics investigators to address a plethora of mobile device types. Whether it is the automobile black box or a home thermostat there are various elements of interesting evidence possible to be gained. As a simplistic example the wireless home thermostat tracks when there is activity in a house. The forensic possibilities of being able to attribute presence via the thermostat or geo-location by a cellphone are of interest to forensics investigators. This is a classic example of a device as a witness. The embedded and consumer device pantheon is developing as an important area of forensic science.

Specialization Requirements

Component Direct to PhD Master's Plus
Technology (requires 15 core cyber forensics courses) 30 cr min 21 cr min
Discovery Foundations (research methodology, statistics and experimental design) 18 cr min 12 cr min
Cognate (from any appropriate Purdue college or school other than Technology) 27 cr min 12 cr min
Dissertation Research 15-30 cr 15-30 cr
Total Hours beyond prior degree 90 cr min 60 cr min
From master's degree --- 30 cr max
Total Graduate Study 90 cr min 90 cr min