An 8-week program covering the incident response life cycle, analysis methodology, and the handling of digital forensic evidence for cybersecurity personnel.
As cybersecurity breaches continue to affect almost every industry and organization type on a virtually daily basis, the need for personnel with strong skills in handling cybersecurity incidents is as critical as ever. DePaul’s Incident Response and Digital Forensics Program covers the most recent advancements in incident response tactics and tools such as Splunk and SIFT. The program is intended for Security Operations Center (SOC) analysts who have some experience handling aspects of security incidents and want to bring their knowledge and skills to the next level in order to become part of an incident response team. It is also suitable for professionals with a computer forensics background who want to learn about the investigative process to properly scope and investigate incidents. Developing the investigator mindset that is critical to any successful incident response will be strongly stressed throughout the program.
Program participants will:
Understand the incident response life cycle and methodology
Learn to collect and handle forensic evidence
Conduct forensic analysis of major sources of evidence from Windows and Linux systems
Learn to conduct network and memory forensics of Windows systems
Learn to triage malicious files, including documents, executables, and scripts
Learn to write various types of reports and document important information
Program content includes lectures, demos, a review and discussion of case studies, and the completion of various security-related labs such as malware triage that will reinforce concepts covered in class. Students are required to bring their laptop computers to class. In order to successfully install the software used in the program, the student's laptop must have the following minimum or recommended specifications--Operating system: Windows 7 (64-bit) or later preferred, or Mac OS 10.9 or later preferred; Hardware: 4 GB of RAM or better (8 GB-16 GB preferred); at minimum, a 64-bit dual-core CPU (processor), however, a 64-bit quad-core processor or better is recommended; at least 80 GB of free hard drive space should be available for virtual machine storage. Students must have full administrator rights to their personal computers in order to successfully install and use the software.
For a complete program description,
download the program's brochure.
Dates & Location
Autumn Quarter 2020:
Application Deadline:Late Aug. 2020
Tuition Deadline:Late Aug. 2020
Classes Begin:Week of Sept. 7th (Date TBA)
Classes End:Week of Nov. 23rd (Date TBA)
On-campus section: Classes usually meet at the Loop Campus one evening per week (5:45pm-9pm; weeknight to be announced).
Autumn Quarter 2020
Full payment of tuition must be received before the start of the program. Students who elect to pay tuition using a credit or debit card will be assessed a non-refundable 2.75% convenience fee.
Refund/Cancellation Policy: DePaul reserves the right to cancel any program before that program’s first scheduled meeting, in which case tuition fees (but not convenience fees) will be refunded. The university's refund policy allows a return of 100% of tuition if the student drops the Incident Response and Digital Forensics Program within one week of the first day of the program (convenience fees will not be refunded).
Notice for Current DePaul Students
- Undergraduates: Please be aware that the tuition fee for this program is not included in the university’s full-time term package pricing.
Each program requires a $40.00 (non-refundable) application fee that can be paid online (via credit card) during the online application process. If you need to pay this fee by check or money order, please make the check or money order payable to DePaul University and send it to:
DePaul University Institute for Professional Development
243 S. Wabash Avenue
Chicago, IL 60604
Textbooks are a separate purchase to be made by students.
Reading materials for certificate programs consist of textbooks and supplementary handouts. Textbook readings are considered preparatory in nature and are typically assigned prior to lectures; supplementary handouts are frequently distributed in class to provide additional information.
Title: Incident Response and Computer Forensics, 3rd Edition
Author: Jason Luttgens, Matthew Pepe, and Kevin Mandia
List Price: $62.00
Fees are payable by check made out to DePaul University, or by credit card. Students who elect to pay tuition using a credit or debit card will be assessed a non-refundable 2.75% convenience fee.
Applicants who are eligible for a tuition reimbursement program offered by their employer and are interested in deferring their tuition payment using the university's Employer Tuition Deferral Plan must return the Employer Tuition Deferral Plan application to the Institute for Professional Development Office. Submitting this application to any other DePaul office may delay the student's registration process. Information about this plan, along with an application form, is found
Applicants who wish to use the university's Single Term Payment Plan or a third-party billing arrangement should contact the Institute for Professional Development office at (312) 362-6282 for details.
Applicants should have IT security-related work experience, along with a basic understanding of network fundamentals (i.e., TCP/IP) and experience with Windows and Linux operating systems. Applicants should also have basic knowledge or experience analyzing network traffic, system and application logs, and alerts from security technologies such as firewalls, intrusion detection systems (IDS), and anti-virus software. Students are required to bring their laptop computers to class.
The Incident Response and Digital Forensics Program is catalogued as a non-credit course of DePaul University. A certificate of completion from DePaul University is awarded to those who successfully complete the program's requirements. Program requirements include lab work, reading and homework assignments, and a case study project. No midterm or final exams are conducted.
The Incident Response and Digital Forensics Program is a graded course. A final grade letter as well as DePaul transcript (upon request) will be available upon program completion.
Application & Registration Procedure
All interested parties should apply for admission using the Institute for Professional Development's
online application; or, to apply via fax, mail, or in person, print out and complete the
Application Form. Upon admission, the Institute office will contact the prospective student with registration information and instructions.
You do not have to be an existing DePaul student to take this certificate program. Registration is restricted to individuals who apply for admission to the program and receive an acceptance letter. IPD staff will register applicants upon receipt of payment and registration form.
Regular DePaul students cannot register themselves via the university's registration system. If interested in enrollment, regular DePaul students should begin by submitting an application for admission. Students must meet the program's admission criteria.