University Computer Forensic Courses – Are they any good?

Over the past few years computer forensics courses at university have become more and more popular.

Initially it was just a few Universities offering these courses, Royal Holloway and Cranfield, but over time everyone else has got in the act.

Universities everywhere, from Glamorgan to Glasgow, Bournemouth to Birmingham, they all run a computer forensic course. Some lecturers are quite open, the courses are just a revenue stream for their  Universitity, others imply that the course gives the students stepping stone into computer forensics.

Sadly, most courses are quite pointless. They are ran by people who have never worked in the industry, and there only experience is from a couple of police cases they may have seen, books they have read, or the research they have done.

The course are, generally, about 5 years behind the technology curve with lectures and students alike completely unaware of the applications now available. Concepts such as culling down data, clustering, review platforms, data theft, or the civil procedure rules, are hardly touched; if at all.

Data recovery is just touched on, and if you asked a lecturer about the best tools to recover a corrupted EDB file on RAID, they would, most likely, just stare back at you.

The legal side of the industry is only just covered, from a criminal perspective, where its very black and white, but the multi-billion dollar civil side of the industry, where most of the jobs are, is not covered at all.

So the information being taught is outdated, police orientated, and does not cover anything to do with Electronic Discovery, the Civil Procedure Rules or the like.

Having interviewed many many computer forensics graduate after computer forensics graduate over the past few years, I decided that meeting most of them was a waste of  our time (mine and theirs), as their knowledge was so poor.

Some students, even those with a 2:1, had never handled hard drives, most had never heard of back up tapes, and none of them had a clue about the civil procedure rules (the very laws that govern the computer forensics industry for expert witnesses). Technical questions about de-duplication or the like fell on deaf ears, and most looked perplexed at the questions, let alone the answer.

There are some good lecturers out there, and some of the modules for some of the courses at some of the universities will be good. But for those hoping to get into computer forensics an MSc in Computer Forensics is not the best way to educate yourself in the subject, as the people teaching you have probably never done it.

So what’s a good way into the computer forensics industry?


If you are an undergraduate, do a degree in computer science, maths, or a pure science. Learn about computers, programming, and writing scripts.

In your spare time, get hold of a *ahem* copies of EnCase, FTK, and hex editors. Play with operating systems, learn about forensic artifacts, set up virtual machines and recover data. Buy old hard drives from eBay and try and find information on them. This way you will end up with a good degree, with a good background in science, and the basic skills for the subject you want to do.


If your a post graduate, and you have a coupe of grand to spend, follow the basic above, learn the basics of your craft in your spare time and then buy an EnCase Passport course. It costs around £3,000  and entitles you to as many Encase course as you want to attend in 12 months, you will certainly gain more from it than an MSc in computer forensics.

If you are on a course  or run a course that you think is the bees knees, let me know. If you are thinking about attending a course, or think that your course is not what you had hoped have a go at the test below, or if your brave enough ask your lecture to have a go at the tests here, and see how they do!

Computer Forensics is about experience, intellect, and knowledge of the tools and the subject.

I have a BSc in Chemistry, completed numerous course ( including nearly all of the EnCase Courses and several FTK courses), worked in 4 continents, over a decade of investigative experience and an MSc in computer forensics.

The MSc had been of the least value to me, in terms of practical or theoretical knowledge.

Forensics Quiz


6 Responses to “University Computer Forensic Courses – Are they any good?”

  1. Forencis: Computer Forensics Qualifications « Data - Where is it? Says:

    […] required is room and a rubber stamp. Not all universities are created equal, and a degree in one is unlikely to teach those going into the industry how do their job. But, its better than no degree at […]

  2. How do you get a job in computer forensics? « Data - Where is it? Says:

    […] Have/get a good degree, from a good university.  Some employers will prefer a good science degree from a good university, rather than a second rate degree from a second rate university […]

  3. Forensics: Working in Computer Forensics « Data – Where is it? Says:

    […] Are degree courses in computer forensics any good? […]

  4. Forensics: What do you get paid in computer forensics? « Data – Where is it? Says:

    […] searches  that is not a highly skilled, are arguably even a skilled  job. You may have been to university and got a degree but plugging in hard drives  and imaging them cannot be compared to the job of  an aeronautical […]

  5. Computer Forensics: How NOT to interview « Data – Where is it? Says:

    […] All of the people were graduates or in the final weeks of their degree, most of them were taking computer forensics courses. In addition to this all of them most of them had been through a recruiter. Clearly there was no […]

  6. Computer Forensics Courses in Clearing « Data – Where is it? Says:

    […] Computer Forensics courses are not all what they say they are. Take a look at some interview examples to see for […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: