The curriculum in Digital Forensics aims to provide students with core skills in wide aspects of the security of information systems and specialized skills in computer security incidents and crime evidence. It gives students a unique chance to study under high-level cyber security practitioners from Estonian banks, telecoms, law enforcement, CERT and the NATO Cooperative Cyber Defence Centre of Excellence. The programme introduces students to this exciting environment and provides them with an opportunity to conduct research within the Estonian Centre of Excellence in Computer Science.
The curriculum in Digital Forensics is taught in close cooperation with the programme in Cyber Security, having a noticeable overlap. Digital Forensics covers the important aspects of incident handling of cyber security, while focusing more on tracking, finding and understanding the evidence of security incidents, fraud and criminal activity in general.
It is jointly delivered by the two largest public universities in Estonia under the more general umbrella of Cyber Defence: admitted students will be registered both at the Tallinn University of Technology and the University of Tartu for the duration of the programme. Upon successful completion of the programme students will receive a joint degree signed by both universities.
Estonia is well known for its eagerness to put innovative IT solutions into everyday use. It is a pioneer in electronic identities and electronic voting and enthusiastically adopts mobile technology, online banking and electronic government services. Thus the aspects of cyber crime and digital evidence of ordinary crime are extremely important for the Estonian economy, security and society in general.
- A programme that is unique in Europe offered in a country that has national experience of cyber attacks
- An internationally recognised qualification
- No requirement for work or study experience in law enforcement
- Close cooperation with cyber defence studies
- Specialisation in technological or organisational aspects or a combination of both
- Specialised software and systems actually used by practitioners
- Teaching staff have the latest high-level experience and know-how
- International guest lecturers from related industries and institutions (banks, CERT, law enforcement, NATO Cooperative Cyber Defence Centre of Excellence et al.)
Evidence acquisition, memory acquisition, device, file, registry and log analysis, timeline creation and analysis.
Network data analysis, IPS, IDS, analysis automation, protocol reversing
Methods of Security Incidence Handling and Cyber Forensic
Computer security incidents, triage, incident handling procedures, law enforcement view
Peculiarities, reliability and collection of digital evidence in different jurisdictions.
Privacy and Data Protection Law
Privacy, informational self-determination, data protection authorities
Worms, trojans, rootkits, botnets, early detection
Data Mining and Network Analysis
Quantitative and qualitative analysis, detection of automated fraud. Network analysis.
Please find detailed information about curriculum
The curriculum conveys the specialist knowledge and professional skills needed on a career path leading to high-end technical roles (e.g. security incident handler in a company or a digital forensic expert in a law enforcement agency) or managerial roles (e.g. project/team leader). The studies are also an excellent addition to a previous background in legal studies or law enforcement, leading to unique career opportunities. The theoretical knowledge acquired is also adequate for continuing studies as a Ph.D student.
Great networking possibilities and collaboration with leading specialists in the field will present graduates with a range of career opportunities.
The studies can also be continued at doctoral level. The direct follow-up curriculum at TUT is Information and Communication Technology (IAQD).
Please pay attention as this programme you are applying for, has specific prerequisites:
- Bachelor's degree in IT, ICT or Economics or a related field (degree in other field is accepted only if candidate has either previous work experience or in-service training in IT).
- Motivation letter (1-5 points)
- Online lab
- Online interview (1-5 points)
For the programme you apply to, an individual motivation letter (statement of purpose) must be inserted.
Please include following:
- Describe your professional goals. How does the degree programme you are applying for will support your professional profile?
- Why do you apply for the chosen programme? Which of the courses offered in this programme are particularly beneficial in pursuing your professional goals?
- List previous experience (including work experience) in the fields of cyber security, digital forensics, security management or strategies or if you have any law-background or programming experience.
- List achievements that you are very proud of. For example, this might include the development of open-source tools; published academic papers; etc.
- Please point out 1-2 potential research questions of your interest, about which you might consider writing your final MSc thesis.
Candidate must collect at least 2.5 points to continue in the competition.
PS! It is important to properly cite any sources (quotations, publications, ideas which are not your own etc.) used in your motivation letter, because to do otherwise would be plagiarism and result in disqualification.
Questionnaire type of test (mostly multiple choice answers) is a simple Google form. After you have completed the questionnaire, you will be given access to a virtual lab environment.
A good Internet connection is recommended in order to access the virtual lab. The virtual lab is cloud-based so no special hardware or software is required. More detailed information will be sent to your email after completing the initial questionnaire.
After completing both parts of the online test (questionnaire and simulation) you will be informed by e-mail whether you passed the test and may proceed for the online interview or whether your application will no longer be considered. The purpose of the interview is to verify the candidate's suitability for the program. This is to ensure your success in this program. We are trying to understand your academic potential, motivation and suitability for your chosen course. For this reason, the interview will include some technical questions.
Questions are composed to assess your:
- problem-solving abilities;
- intellectual flexibility and analytical skills;
- assimilation of new ideas and information.
Some of the questions are very simple, and some are more intended to make you think. It is not a problem, if you do not know the answer to a specific question. We will ask alternative questions from the same topic area before points are lost. Also a good idea is to speak out loud what goes through your head.
Topics that are covered during interview
Interviews are discussion-based, mainly academic and program-related:
- personal motivation and information provided in the written application;
- engagement with the cyber security area;
- algorithms and scripting/programming;
- network security;
- digital forensics;
- security management & strategies;
- legal and ethical aspects of cyber security;
- potential project idea for thesis topic.
The length of an interview vary between 10-15 minutes and will be conducted by the specialists in the program you have applied for.
Threshold 7 points - applicants receiving at least 7 points on their entrance exams get admissions to TTÜ.
For general admission requirements please visit the Admissions section.
The yearly fee for a typical student is calculated based on 60 ECTS per year (full study load). The following is an estimation based on 2018/2019 fees:
- 1 ECTS is 100 EUR
- first study year is 6000 EUR
PS! Non-EU students must pay in advance for 60 ECTS (yearly load) before starting their studies.
A tuition fee waiver is a non-monetary scholarship granted automatically to the best ranked candidates, according to the points earned in the course of admission. There is no separate application required. Decisions are made based on the Dreamapply application. Scholarship is awarded for the whole study period. Recipients of the scholarships are required to study full-time, i.e. with the workload of at least 60 ECTS per year. If the student starts studying part-time, he/she will lose the tuition fee waiver and will start paying for studies.
Please check here for scholarship options.