• Program Overview

    Program Overview

    Companies are looking for highly skilled personnel to detect, track, record, and interpret digital forensic data that can then be used to initiate prosecutions or secure convictions.

    Stevenson University Online's Master of Science in Cyber Forensics degree provides an advanced education for experienced information technology professionals interested in the analysis of forensically collected and acquired digital evidence. Our graduate program trains technology professionals to preserve, acquire, analyze, interpret, and document critical forensic findings for use in legal and computer security proceedings. As cyber forensics is an evolving field, companies now require the skills of certified IT professionals with cyber forensics master’s degrees.

    With both on-campus and remote access to Stevenson University Online’s highly specialized virtual lab environment, students utilize state-of-the-art forensic technology to perform hands-on work related to advanced forensic analysis. Exercises based on real-life events such as thefts of electronic information, cyber attacks, and other cyber crimes are used to educate students. This real-world training provides the foundation for practical education and dovetails with the Stevenson University mission to embrace career planning while encompassing critical learning tasks.

    The Mock Intrusion and Response Capstone

    A unique aspect of Stevenson University Online’s forensics programs, the Mock Intrusion and Response Capstone provides students with real-life experience as forensic specialists. The Capstone is the culmination of the Cyber Forensics master’s program and offers students the opportunity to apply the forensic techniques they have learned in a practical, time-sensitive setting.

    Students begin by creating curriculum vitae and engagement letters as if they were hired as consultants to investigate a case. Next, they analyze evidence from a case, create detailed reports of their methodology and analysis, and ultimately defend their findings as forensic evidence. This not only provides students a much-needed foundation to manage the demands of uncovering forensic evidence, but also prepares them to defend their data when presenting their findings both within and outside of their organizations. 

  • Courses


    • CYBF 643 - Incident Response and Evidence Collection

      3 credits

      Examines relevant laws regarding the search and seizure of digital evidence, the tools available to create a ''best evidence'' image of the digital evidence, and how to properly document the seizure, validate the image set, and establish a proper chain of custody for all evidence seized.

    • CYBF 644 - Windows Forensic Examinations

      3 credits

      Provides information essential to the performance of a forensic examination on a computer running the Microsoft Windows Operating System. Exercises focus on disk level forensic tools and techniques. This course focuses on the underlying operation of automated forensic tools, identifying the most appropriate forensic tool to be used in specific circumstances, and defending the selection of forensic tools in the courtroom under cross examination. The course will use leading edge tools from X-Ways, Helix, and EnCase.

    • CYBF 650 - Intrusion Detection Systems (IDS), Firewalls, Auditing

      3 credits

      Explores the network forensic components that detect, block and track network intrusions. Students learn how to configure IDS, firewalls and network analysis tools to protect network resources. Steps in recovering digital forensic evidence from these devices are examined. The various categories of IDS, firewall and network analysis products are compared and evaluated.

    • CYBF 661 - E-Systems Security

      3 credits

      Explores the current software and hardware products available to protect enterprise assets. Covered in this course are the methods used to ensure both secure and authenticated transmissions of proprietary corporate information across vulnerable networks. Topics will include public-key-infrastructure (PKI), digital signatures, certificate authorities, and encryption standards such as SSL, IPSEC, SET, DES, S/MIME, SHTTP. In addition, students examine techniques and software used for intrusion detection, password attacks, denial of service, spoofing, and their respective countermeasures.

    • CYBF 662 - Network Penetration Testing

      3 credits

      Explores the need for conducting ethical network penetration testing as a means to better secure existing networks and to identify artifacts that appear from attacks. Students will develop network penetration testing plans in accordance with approved industry standards. Tests, which include active and passive reconnaissance, footprinting, vulnerability identification, and exploitation, will be conducted on multiple targets. Students will generate results, including recommendations for improving the security posture of the network.

    • CYBF 663 - Network and Cloud Forensics

      3 credits

      Explores performing forensic examination of a shared pool of configurable computing cloud resources, such as networks, servers, storage applications, and services. This course will provide a practical approach to obtaining forensic data from always-on, cloud-based resources. Examinations will involve the correlation of information from different network sources. Students will distinguish live analysis from live response and perform both on a network-based resource. Students will produce a report detailing the results of a network/cloud-based forensic examination.

    • CYBF 664 - Mobile Device Forensics

      3 credits

      Explores the growing field of cellular technologies from both network architecture and hand-held device perspectives. This course will provide details regarding the type and manner of data that can be forensically obtained from mobile devices, including call logs, text messages, address books, photos, videos, and Internet history. Exercises focus on using accepted forensic procedures to acquire and analyze data from a variety of mobile devices. Students will generate analytical reports and cross reference results with data form network service providers. The course will use leading-edge tools from Paraben Corporation and Cellebrite Mobile Synchronization. The course is offered online but it is mandatory for the student to attend one 8-hour on-site class.

    • CYBF 670 - Cyber Warfare and Cyber Terrorism

      3 credits

      Explores the rapidly changing face of cyber warfare and cyber terrorism. Students will identify and characterize the fundamental aspects of cyber terrorism and the role of computers and the Internet in terrorist acts on information systems and critical infrastructure components. Students will analyze cyber warfare techniques, such as Denial of Service attacks on critical infrastructure, man-in-the-middle attacks, sabotage, and espionage. Students will evaluate the various cybercrimes that are being used to finance terrorism and cyber criminal activities.

    • CYBF 675 - Live Response and Live Acquisition

      3 credits

      Explores the fundamental differences between classical media analysis in dead box forensics and live responses and live acquisition. Students will perform both a live response to an information system that has been hacked and a live acquisition of media and memory on a running system that has been compromised. Students will then analyze the results for evidence of attack and compromised data. Finally, students will create detailed reports with findings from live responses and acquisitions.

    • CYBF 680 - Legal Compliance and Ethics

      3 credits

      Introduces students to key statutes, regulations and standards relating to the security of information, including the Federal Information Security Management Act (FISMA), the Health Insurance Portability and Accountability Act (HIPAA), the Privacy ACT of 1972, National Institute of Standards and Technology (NIST) Special Publication 800-37, and the Computer Fraud and Abuse Act. Students will analyze best practices with respect to both security and ethics to identify conflicts that may arise between the implementation of current laws and real-life responses to breaches of information systems.

    • CYBF 685 - Malware Detection, Analysis, and Prevention

      3 credits

      Explores malware, such as Trojans, droppers, and rootkits, used to gain access to computer systems and examines the infiltration methods and resultant artifacts that appear as a result of malware infections. Students will examine the role and behavior of bot networks and analyze carrier files, such as malicious PDFs, scripts, and executables. Students will isolate and analyze malware from behavioral and static approaches.

    • CYBF 710 - Mock Intrusion and Response

      3 credits

      Applies the concepts learned throughout the cyber forensics program to a real-life scenario. Students will identify and analyze a compromised multi-component information system; preserve, collect, and analyze data from multiple sources to identify attack vectors and compromised data; and produce a detailed report describing the methodology used to analyze the systems and the subsequent results. Finally, students will provide an oral defense of their reports.

  • Admissions / Tuition

    Admissions / Tuition

    • Completed online application.
    • Official college transcript from your degree-granting institution; additional transcripts may be required to demonstrate satisfaction of program-specific prerequisites or at the discretion of the Admissions Committee.
    • Cumulative GPA of 3.0 on a 4.0 scale in past academic work.
    • Two letters of recommendation from professional colleagues.
    • Personal statement.
    • Resume of professional experience.

    Program Admission Requirements

    • Bachelor's degree in a related field (Information Assurance, Computer Science, Network Administration, or Computer Security)
    • Two years of related work experience.
    • Bachelor's degree in an unrelated field.
    • Five years of experience in information technology, telecommunication systems, system administration, network management, or information assurance.
    Tuition Per Credit $670.00 Cost Per Course
    (3-Credit Hours)

    Stevenson University Online has simplified the cost of your education by eliminating all fees. Students are eligible to transfer up to 6-credit hours from a 4-year institution if applicable. 

    We offer financial aid packages to those who qualify, in addition to a reduced-tuition rate through partnerships with community colleges, healthcare organizations, and other organizations and corporations. For a full list of Stevenson's partners, please visit our Partnerships page.

  • Faculty


    Thomas Byrd (2017)
    Program Coordinator and Adjunct Professor, Cyber Forensics
    B.S., University of Nebraska
    M.S., Illinois Institute of Technology
    J.D., Loyola University Chicago School of Law 

    Adam Mattina (2012)
    Adjunct Instructor of Cyber Forensics
    B.S., Rochester Institute of Technology
    MBA, The George Washington University

    Ronald McGuire (2013)
    Adjunct Instructor, Cyber Forensics
    B.S., Western Carolina University

    Jared Myers (2016)
    Adjunct Instructor, Cyber Forensics
    B.A., Arkansas State University
    M.S., Stevenson University

    Kevin R. Rivera (2009)
    Adjunct Instructor of Forensic Studies
    B.S., Park University
    M.S., Norwich University

    Jennifer Schneider (2011)
    Adjunct Instructor, Forensic Studies
    B.S., M.S., Stevenson University

    Ronald L. Shaffer, Jr. (2007)
    Adjunct Instructor of Information Technology
    B.S., Strayer University
    M.S., Capitol College

    Jason Zeiler (2012)
    Adjunct Professor, Criminal Justice, GPS, and Cyber Forensics
    B.S., Excelsior College
    M.S., Troy University
    M.S., Stevenson University