SThis initiative has been developing a standardized undergraduate digital forensics curriculum that will strongly reflect the multidisciplinary nature and breadth of digital forensics and accommodate evolving curriculum standards, covering not just technical topics but law, criminal psychology, sociology, and business perspectives on digital forensics.

Two semesters’ worth of slide decks, instructor handbooks, and labs are now available to other institutions. If you’re interested in obtaining them for your university, please email us at

A standard curriculum has potential to improve the content and quality of current digital forensics programs, inspire the creation of additional programs at various universities and community colleges, and increase the number of educated practitioners. The primary contribution of our effort has been the creation of resources that can be used as the basis for future academic programs, distance learning, and multidisciplinary, multi-institutional programs. Our curriculum includes two courses (an introductory course and an advanced course, with accompanying laboratories) that reflect emerging national standards.

The curricula have been developed to be adaptable to the needs of both universities and two-year colleges. We also conducted a K-12 outreach program that translated the educational materials and program to levels that could be disseminated more broadly to a younger audience and the general public.

Curriculum Topics

  • Computer forensics, mobile device forensics, and malware (Roy Campbell and Warren Raquel)
  • Network forensics (Syed Faisal Hasan)
  • Fraud investigation (Frank Nekrasz)
  • Digital forensics and the law (Jay Kesan)
  • Understanding the legal system (Anna Marshall)
  • Psychology of cybercrime (Masooda Bashir)
  • Incident response and timeline analysis (Warren Raquel)
  • Digital forensics in digital archives (Jerome McDonough)
  • Database forensics, reverse engineering, and malware (Ryan Cunningham and John Bambenek)

University of Illinois Course Websites


In Fall 2013, we did a pilot offering of the introductory course curriculum and laboratory, in the form of CS 498 AL1, “Introduction to Digital Forensics” (or “Digital Forensics I”), at the University of Illinois. In Fall 2014, we offered a new version of the course that had been revised to reflect our experiences with the initial offering. For the Fall 2013 pilot offering, we  assigned readings selected from dozens of outside sources (textbooks, journals, websites, etc.); for the Fall 2014 offering, we assigned readings from a course handbook written in-house by the curriculum development team. On both occasions, the class was team-taught by the subject-area experts who are developing the curriculum, whose topics include psychological aspects of digital forensics, especially with respect to cybercrime and hacking; file system forensics; sociological aspects of digital forensics, focusing on the structure and adversarial nature of the U.S. legal system; network forensics; high-level legal aspects of digital forensics, including the practicalities of serving as an expert witness, such as testifying in court and preparing reports; fraud investigations; mobile forensics and malware; and legal perspectives on privacy and cybercrime. In Fall 2015, we offered a heavily revised version of the course in which the technical modules were substantially updated, and the class was team-taught by the curriculum developers. In Fall 2016, the entire semester was taught for the first time by a single instructor. In Fall 2017, it will again be taught by a single instructor.

In Spring 2015, we presented a pilot offering of the advanced course, “Digital Forensics II” (also under course number CS 498 AL1). This course was team-taught by the faculty curriculum developers and guest expert speakers. Topics included standards of evidence, investigatory procedures, forms of investigation, legal procedures, reasoning about evidence, psychology of cyber crime, anti-forensics, multimedia forensics, computer forensics, web browser forensics, embedded systems forensics, network forensics, cloud forensics, and applications forensics. It introduces known barriers and open challenges in the field. In Spring 2016, we presented a revised version of the team-taught course, with significant new material on reverse engineering and malware. In Spring 2017, Digital Forensics II was taught for the first time by a single instructor, who incorporated another round of updates and revisions.