Digital Forensics in Cybersecurity

Applying as a Canadian applicant

Domestic students should apply online or by phone at 1-888-892-2228.

Applying as an International applicant

International students should apply online.

Courses - May 2026

Level 1

Conestoga 101
CON0101

Description: This self-directed course focuses on introducing new students to the supports, services, and opportunities available at Conestoga College. By the end of this course, students will understand the academic expectations of the Conestoga learning environment, as well as the supports available to ensure their academic success. Students will also be able to identify on-campus services that support their health and wellness, and explore ways to get actively involved in the Conestoga community through co-curricular learning opportunities.
  • Hours: 1
  • Credits: 0
  • Pre-Requisites:
  • CoRequisites:
  • Estimated required text and/or learning resource costs: No cost.

Cybersecurity Foundations
SECU8160

Description:

Foundational cybersecurity knowledge and skills are required to be successful in any cybersecurity program. This course includes fundamental concepts of information security through the CIA triad (confidentiality, integrity, and availability), encryption, threats, vulnerabilities, and defense. Students are introduced to techniques to detect and prevent cyber-attacks, including access authorization, intrusion detection, monitoring, and auditing. Students will also practice ethical hacking techniques to assess vulnerability through penetration testing. Knowledge and skills learned in this course will be used in other courses throughout the program.

  • Hours: 56
  • Credits: 4
  • Pre-Requisites:
  • CoRequisites:
  • Estimated required text and/or learning resource costs: Not available at this time.

Digital Forensics Foundations
SECU8170

Description:

Although forensic investigation may be executed on many types of devices and systems, a consistent, systematic approach to the identification, collection, preservation, and documentation of evidence is critical. In this course, students will be introduced to forensic investigation in general and the process used to conduct investigations using several tools. Creation of investigation documentation using industry-accepted practices is also a focus. The knowledge and skills gained in this course will be applied in many other courses throughout the program.

  • Hours: 56
  • Credits: 4
  • Pre-Requisites:
  • CoRequisites:
  • Estimated required text and/or learning resource costs: Not available at this time.

Digital Forensics Ethics and the Law
SECU8180

Description:

In many cases, the results of digital forensic investigations may be used in legal proceedings. It is imperative that evidence is gathered and documented in a manner that will support those proceedings. In addition, it is critical for cybersecurity professionals to work ethically while executing their work. Students will learn about both local laws and laws of other jurisdictions that will enable the processing of evidence in a manner that will be supported in court while respecting the rights and privacy of individuals, organizations, and governments.

  • Hours: 56
  • Credits: 4
  • Pre-Requisites:
  • CoRequisites:
  • Estimated required text and/or learning resource costs: Not available at this time.

Windows Operating System Forensics
SECU8190

Description:

Successful exploitation of operating system vulnerabilities often results in data exfiltration, data manipulation, or extortion through the deployment of malware. In this course, students will learn to exploit Windows operating systems and examine memory and storage on those systems for evidence of a security breach. Standard industry tools will be used to gather and extract evidence and report on findings.

  • Hours: 42
  • Credits: 3
  • Pre-Requisites:
  • CoRequisites:
  • Estimated required text and/or learning resource costs: Not available at this time.

Linux Operating System Forensics
SECU8200

Description:

Successful exploitation of operating system vulnerabilities often results in data exfiltration, data manipulation, or extortion through the deployment of malware. In this course, students will learn to exploit Linux-based operating systems and examine memory and storage on those systems for evidence of a security breach. Standard industry tools will be used to gather and extract evidence and report on findings.

  • Hours: 42
  • Credits: 3
  • Pre-Requisites:
  • CoRequisites:
  • Estimated required text and/or learning resource costs: Not available at this time.

Cybersecurity Case Studies
SECU8210

Description:

Cybersecurity breaches happen every day, with some not discovered until well after the breach has taken place. Examining case studies of previous incidents provides an excellent mechanism to develop skills across the entire DFIR discipline through problem-solving and critical thinking. Emphasis is placed on the exploration and analysis of real-world situations and contexts for processing the response to a cybersecurity incident.

  • Hours: 42
  • Credits: 3
  • Pre-Requisites:
  • CoRequisites:
  • Estimated required text and/or learning resource costs: Not available at this time.

Level 2

Network Forensics
SECU8220

Description:

Although direct attacks on digital networks are not the most common approach to penetration, all attack traffic traverses the network. Monitoring and reviewing network traffic can play a major part in evidence gathering. This course will emphasize network security monitoring and intrusion detection. Students will learn network fundamentals with a focus on network security and defense using network devices, monitoring tools, and network traffic analysis tools.

  • Hours: 42
  • Credits: 3
  • Pre-Requisites: SECU8170
  • CoRequisites:
  • Estimated required text and/or learning resource costs: Not available at this time.

Cloud Forensics
SECU8230

Description:

Forensic investigation of a security incident that involves public cloud resources presents unique challenges in that not all desired data may be accessible since the infrastructure is not owned by the attacked organization. Students will focus on assessing forensic data that can be extracted from common cloud providers while acquiring and analyzing data from cloud sources.

  • Hours: 42
  • Credits: 3
  • Pre-Requisites: SECU8170
  • CoRequisites:
  • Estimated required text and/or learning resource costs: Not available at this time.

Mobile Forensics
SECU8240

Description:

Mobile devices are highly targeted in cyber attacks and can present unique challenges regarding forensic investigation since some onboard data may be encrypted, and some data may be stored on cloud servers in either encrypted or plain-text form. This course focuses on the extraction and collection of data from mobile devices and related cloud services using standard tools to assist in forensic investigation.

  • Hours: 42
  • Credits: 3
  • Pre-Requisites: SECU8170
  • CoRequisites:
  • Estimated required text and/or learning resource costs: Not available at this time.

Advanced Topics in Digital Forensics
SECU8250

Description:

Everything in the field of cybersecurity is changing and advancing rapidly, with digital forensics being no exception. In this course, students will engage in the investigation of current and emerging topics related to digital forensics. New technologies and techniques will be explored through a review of white papers, proofs of concept, conference proceedings, and similar sources.

  • Hours: 42
  • Credits: 3
  • Pre-Requisites: SECU8170
  • CoRequisites:
  • Estimated required text and/or learning resource costs: Not available at this time.

Forensics Project
SECU8260

Description:

The ability to synthesize what was learned throughout the program and apply the knowledge and skills gained is important to becoming an effective worker in the field. This course will engage students in a major group project that will require the utilization of many of the skills learned in other courses, plus additional research. Communication and presentation skills will be heavily emphasized.

  • Hours: 84
  • Credits: 6
  • Pre-Requisites: SECU8170
  • CoRequisites:
  • Estimated required text and/or learning resource costs: Not available at this time.

Please note:

Estimated required text and/or learning resource costs are based on the most recent available data through the Conestoga Campus Store.

Program outcomes

  1. Design and evaluate innovative strategies to provide cybersecurity solutions for organizational processes and applications.
  2. Create and document processes required for the maintenance and deployment of information controls solutions.
  3. Design and implement cybersecurity solutions and protocols to comply with current security policies, ethical standards, and industry regulations.
  4. Apply project management tools and techniques to manage the communication and resources invested in responding to an enterprise information security issue.
  5. Explain an organization's information security protocols, policies and audit results by various mechanisms including presentations and written reports tailored to educate the intended audience.
  6. Communicate professionally and collaboratively with internal and external stakeholders to meet organizational cybersecurity objectives.
  7. Analyze vulnerabilities in networks and integrated systems to identify and recommend potential solutions to security issues.
  8. Develop a plan for personal, career, and entrepreneurial growth to enhance work performance and maintain currency with the industry.
  9. Extract and preserve digital forensic evidence to analyze and evaluate cybersecurity attacks.
  10. Analyze data and digital devices using forensic techniques to identify exploited attack vectors.