Digital forensics is a discipline addressing the collection, processing, and analysis of digital data for the purpose of verifying/validating the existence of an event of investigative, intelligence, cyber, or business interest. The data can be from physical media, a mobile device, real-time network traffic, the Internet of Things (IoT), unknown code, memory, the cloud, and many other sources. Digital forensics is interdisciplinary by nature and our program includes computer engineering, computer science, information technology, law, and ethics. Digital forensics is a key component in criminal, corporate, civil, cyber defense, incident response, intelligence, and counter-terrorism matters.
In the last several years, with a proliferation of digital storage, transmission, and processing of sensitive information, there has been an increase in the aberrant use of digital devices. This aberrant behavior includes but is not limited to digital extortion, intrusions, economic espionage, child exploitation, cybercrime, fraud, terrorism, and identity theft. In response to this, digital forensics has become an important profession serving both public and private sectors. The MS in Digital Forensics will prepare graduates for a wide variety of careers to include law enforcement, various other branches of government, incident response, and all facets of cyber security by combining academic education with real world practical techniques and by offering advanced training in analyzing digital evidence, intrusion forensics, reverse engineering, network analysis, legal, and ethical matters.
Admissions
Students who hold a bachelor’s degree from an accredited college or university in engineering, math, science, computer science, business (with a quantitative background), economics, or other analytical disciplines, or students who have equivalent work experience indicating analytical aptitude, may apply. Depending on their background, some domestic applicants may be accepted provisionally and required to complete 3 to 12 credits of preliminary coursework before they are allowed to enroll in any of the core or specialty courses in the program. A minimum undergraduate GPA of 3.00 is required for acceptance.
(formerly VS-MS-CFRS)
Degree Requirements
Total credits: 30
Students must complete a minimum of 30 graduate credits with a GPA of 3.00 or higher, with no more than 6 credit hours of C grades. The plan of study includes a 21-credit required core component which includes a mandatory capstone course, and the choice of either a concentration or a 9-credit elective component as shown below:
Core Courses
| Code | Title | Credits |
|---|---|---|
| DFOR 510 | Digital Forensics Analysis | 3 |
| DFOR 660 | Network Forensics | 3 |
| DFOR 661 | Digital Media Forensics | 3 |
| DFOR 663 | Operations of Intrusion Detection for Forensics | 3 |
| or DFOR 664 | Incident Response Forensics | |
| DFOR 670 | Fraud Analytics 1 | 3 |
| or DFOR 671 | Digital Forensics Ethics Law | |
| DFOR 672 | Mobile Device Forensics | 3 |
| DFOR 790 | Advanced Digital Forensics | 3 |
| Total Credits | 21 | |
- 1
Both DFOR 670 and DFOR 671 may be taken, but only one may be used in the core component.
Concentration in Penetration Testing/Reverse Engineering (PTRE)
Focused on the practical aspects of penetration testing and reverse engineering. Students are expected to master tools, techniques, and methodologies of penetration testing and reverse engineering. Students must take three of the five concentration courses offered (9 credits).
| Code | Title | Credits |
|---|---|---|
| Select nine credits from the following: | 9 | |
| Embedded Systems Reverse Engineering | ||
| Advanced Offensive Defensive Strategies | ||
| Malware Reverse Engineering | ||
| Penetration Testing in Digital Forensics | ||
| Forensic Artifact Extraction | ||
| Total Credits | 9 | |
Electives
| Code | Title | Credits |
|---|---|---|
| Students who do not choose the above concentration should select 9 credits from the following: | 9 | |
| Special Topics in Digital Forensics | ||
| Cloud Forensics | ||
| Operations of Intrusion Detection for Forensics | ||
| Incident Response Forensics | ||
| Fraud Analytics | ||
| Digital Forensics Ethics Law | ||
| Mobile Device Forensics | ||
| Registry Forensics - Windows | ||
| Mac Forensics | ||
| Linux Forensics | ||
| Embedded Systems Reverse Engineering | ||
| Independent Reading and Research | ||
| Memory Forensics | ||
| Digital Audio Video Forensics | ||
| Forensic Deep Packet Inspection | ||
| Advanced Offensive Defensive Strategies | ||
| Malware Reverse Engineering | ||
| Penetration Testing in Digital Forensics | ||
| Digital Warfare | ||
| Anti-Forensics | ||
| Digital Forensic Profiling | ||
| Forensic Artifact Extraction | ||
| Mobile Application Forensics and Analysis | ||
| Kernel Forensics and Analysis | ||
| Advanced Topics in Digital Forensics | ||
| Computer Architecture | ||
| Applied Cryptography | ||
| Advanced Computer Architecture | ||
| Real-Time Embedded Systems | ||
| Design and Analysis of Computer Networks | ||
| Post-Quantum Cryptography | ||
| Side-Channel Security | ||
| Security Policy | ||
| Security Audit and Compliance Testing | ||
| Network Security | ||
| Intrusion Detection | ||
| Advanced Secure Networking | ||
| Basic Crime Analysis | ||
| Total Credits | 9 | |
Other courses may be appropriate as electives in the degree program, but they must be approved prior to registration.
Applied Science, BAS (Cyber Security Concentration)/Digital Forensics, Accelerated MS
Overview
Highly-qualified undergraduates may be admitted to the combined Bachelor's/Accelerated master's degree pathway program (accelerated master's) and obtain a bachelor's degree (BAS) in Applied Science, and a Master of Science (MS) in Digital Forensics in an accelerated time-frame after satisfactory completion of a minimum of 138 credits (total number of required credits depends on the requirements of both the undergraduate and graduate programs). This BAS to MS pathway is only open to students within the Cyber Security concentration of BAS.
This accelerated option is offered jointly by the undergraduate BAS program and the graduate Digital Forensics program in the College of Engineering and Computing.
See AP.6.7 Bachelor's/Accelerated Master's Degrees for policies related to this program.
Students in an accelerated master’s degree program must fulfill all university
requirements for the master's degree. For policies governing all graduate degrees, see AP.6 Graduate Policies.
BAM Pathway Admission Requirements
Applicants to all graduate programs at George Mason University must meet the admission standards and application requirements for graduate study as specified in Graduate Admissions Policies and accelerated master's degree policies. For information specific to this accelerated master's program, see the BAS website and consult with a BAS academic advisor.
Students will be considered for admission into the BAM Pathway after completion of a minimum of 60 credits, and a cumulative GPA of 3.00 or higher.
Students who are accepted into the BAM Pathway will be allowed to register for graduate level courses after successful completion of a minimum of 75 undergraduate credits and any pathway-specific course pre-requisites.
Accelerated Master's Admission Requirements
Undergraduate students already admitted to the BAM Pathway will be admitted to the intended master's program if they have met the following criteria, that will be verified:
- Submission of the BAM Transition Form by the stated deadline.
- Timely completion of the Application for Degree.
- Sufficient minimum 3.0 cumulative GPA for conferred undergraduate degree (which does not include any earned reserve graduate credits).
- All requirements as noted in AP.6.7.3 Timeline Requirements
- Completion of all BAS, Cyber Security concentration requirements, all requirements outlined in AP.5.3.2 Requirements for Bachelor's Degrees.
- Completion of approved advanced standing courses and any reserve courses that have met the minimum grade requirement.
Accelerated Pathway Requirements
To maintain the integrity and quality of both the undergraduate and graduate degree programs, undergraduate students interested in taking graduate courses must choose from the following:
Advanced Standing courses: Students must complete at least 3 credits from the following list of graduate-level courses, while in undergraduate status, up to a maximum of 12 credits. Within the BAS, Cyber Security concentration these courses apply towards Technical Focus requirements.
| Code | Title | Credits |
|---|---|---|
| DFOR 510 | Digital Forensics Analysis | 3 |
| DFOR 660 | Network Forensics | 3 |
| DFOR 661 | Digital Media Forensics | 3 |
| DFOR 663 | Operations of Intrusion Detection for Forensics | 3 |
| or DFOR 664 | Incident Response Forensics | |
| DFOR 670 | Fraud Analytics | 3 |
| or DFOR 671 | Digital Forensics Ethics Law | |
| DFOR 672 | Mobile Device Forensics | 3 |
Reserve credit courses: Students have the option to complete up to 6 credits of graduate-level coursework while in undergraduate status that will only count towards the graduate degree program. Courses may be selected from the list above.
For more detailed information on coursework and timeline requirements, see AP.6.7 Bachelor's/Accelerated Master's Degree and AP.1. Graduate Course Enrollment by Undergraduates.
Cyber Security Engineering, BS/Digital Forensics, Accelerated MS
Overview
Highly-qualified students in the Cyber Security Engineering, BS have the option of obtaining an accelerated Digital Forensics, MS.
For more detailed information, see AP.6.7 Bachelor's/Accelerated Master's Degrees. For policies governing all graduate degrees, see AP.6 Graduate Policies.
Admission Requirements
Students in the Cyber Security Engineering, BS program may apply for this option if they have earned 60 undergraduate credits with an overall GPA of at least 3.25. Criteria for admission are identical to criteria for admission to the Digital Forensics, MS program.
Students who are accepted into the BAM Pathway will be allowed to register for graduate level courses after successful completion of a minimum of 75 undergraduate credits and course-specific prerequisites.
Accelerated Option Requirements
Students must complete all credits that satisfy requirements for the BS and MS programs, with 6 credits overlapping.
Students register for two Digital Forensics core courses (6 credits) in place of two of the three required technical electives, as part of the undergraduate degree requirements. Specifically, students must take:
DFOR 510 Digital Forensics Analysis
DFOR 660 Network Forensics
Note: Students complete all Digital Forensics, MS core courses and apply the two courses from the above list toward the Digital Forensics, MS requirements.
Degree Conferral
Students must apply the semester before they expect to complete the BS requirements to have the BS degree conferred. In addition, at the beginning of the student’s final undergraduate semester, students must complete a Bachelor’s/Accelerated Master’s Transition form that is submitted to the Office of the University Registrar and the CEC Graduate Admissions Office. At the completion of MS requirements, a master’s degree is conferred.
Information Technology, BS/Digital Forensics, Accelerated MS
Overview
Highly-qualified students in the Information Technology, BS have the option of obtaining an accelerated Digital Forensics, MS.
For more detailed information, see AP.6.7 Bachelor's/Accelerated Master's Degrees. For policies governing all graduate degrees, see AP.6 Graduate Policies.
Admission Requirements
Students in the Information Technology, BS program may apply for this option if they have earned 60 undergraduate credits and take graduate level courses after completion of 75 credits with an overall GPA of at least 3.25. Criteria for admission are identical to criteria for admission to the Digital Forensics, MS program.
Accelerated Option Requirements
Students must complete all credits that satisfy requirements for the BS and MS programs, with a minimum of 3 credits (maximum 9 credits) overlapping from the following courses:
| Code | Title | Credits |
|---|---|---|
| DFOR 510 | Digital Forensics Analysis (satisfies a CYBR core) | 3 |
| DFOR 660 | Network Forensics (satisfies IT 357 in the BS INFT program) | 3 |
| DFOR 663 | Operations of Intrusion Detection for Forensics (satisfies one CYBR concentration course in the BS INFT program) | 3 |
Degree Conferral
Students must apply the semester before they expect to complete the BS requirements to have the BS degree conferred. In addition, at the beginning of the student’s final undergraduate semester, students must complete a Bachelor’s/Accelerated Master’s Transition form. At the completion of MS requirements, a master’s degree is conferred.