An 8-week program covering the incident response life cycle, analysis methodology, and the handling of digital forensic evidence for cybersecurity personnel
As cybersecurity breaches continue to affect almost every industry and organization type on a virtually daily basis, the need for personnel with strong skills in handling cybersecurity incidents is as critical as ever. DePaul’s Incident Response and Digital Forensics Program covers the most recent advancements in incident response tactics and tools such as Splunk and SIFT. The program is intended for Security Operations Center (SOC) analysts who have some experience handling aspects of security incidents and want to bring their knowledge and skills to the next level in order to become part of an incident response team. It is also suitable for professionals with a computer forensics background who want to learn about the investigative process to properly scope and investigate incidents. Developing the investigator mindset that is critical to any successful incident response will be strongly stressed throughout the program.
Program participants will:
Understand the incident response life cycle and methodology
Learn to collect and handle forensic evidence
Conduct forensic analysis of major sources of evidence from Windows and Linux systems
Learn to conduct network and memory forensics of Windows systems
Learn to triage malicious files, including documents, executables, and scripts
Learn to write various types of reports and document important information
Program content includes lectures, demos, a review and discussion of case studies, and the completion of various security-related labs such as malware triage that will reinforce concepts covered in class. Students are required to bring their laptop computers to class. In order to successfully install the software used in the program, the student's laptop must have the following minimum or recommended specifications--Operating system: Windows 7 (64-bit) or later preferred, or Mac OS 10.9 or later preferred; Hardware: 4 GB of RAM or better (8 GB-16 GB preferred); at minimum, a 64-bit dual-core CPU (processor), however, a 64-bit quad-core processor or better is recommended; at least 80 GB of free hard drive space should be available for virtual machine storage. Students must have full administrator rights to their personal computers in order to successfully install and use the software.
For a complete program description,
download the program's brochure.
Dates & Location
Winter Quarter 2020:
There is no session scheduled this quarter.
On-campus section: Classes meet one evening per week (5:45pm-9pm) at DePaul's Loop Campus at 243 S. Wabash Avenue, Chicago.
Winter Quarter 2020
The tuition fee for this program is not included in the university's tuition package for full-time undergraduate students.
Full payment of tuition must be received before the start of the program. Students who elect to pay tuition using a credit or debit card will be assessed a non-redundable 2.75% convenience fee.
Refund/Cancellation Policy: DePaul reserves the right to cancel any program before that program’s first scheduled meeting, in which case tuition fees (but not convenience fees) will be refunded. The university's refund policy allows a return of 100% of tuition if the student drops the Incident Response and Digital Forensics Program within one week of the program's start date (convenience fees will not be refunded).
Each program requires a $40.00 (non-refundable) application fee that can be paid online (via credit card) during the online application process. If you need to pay this fee by check or money order, please make the check or money order payable to DePaul University and send it to:
DePaul University Institute for Professional Development
243 S. Wabash Avenue
Chicago, IL 60604
Textbooks are a separate purchase to be made by students.
Reading materials for certificate programs consist of textbooks and supplementary handouts. Textbook readings are considered preparatory in nature and are typically assigned prior to lectures; supplementary handouts are frequently distributed in class to provide additional information.
Title: Incident Response and Computer Forensics, 3rd Edition
Author: Jason Luttgens, Matthew Pepe, and Kevin Mandia
List Price: $62.00
Fees are payable by check made out to DePaul University, or by credit card. Students who elect to pay tuition using a credit or debit card will be assessed a non-refundable 2.75% convenience fee.
Applicants who are eligible for a tuition reimbursement program offered by their employer and are interested in deferring their tuition payment using the university's Employer Tuition Deferral Plan must return the Employer Tuition Deferral Plan application to the Institute for Professional Development Office. Submitting this application to any other DePaul office may delay the student's registration process. Information about this plan, along with an application form, is found
Applicants who wish to use the university's Single Term Payment Plan or a third-party billing arrangement should contact the Institute for Professional Development office at (312) 362-6282 for details.
Applicants should have IT security-related work experience, along with a basic understanding of network fundamentals (i.e., TCP/IP) and experience with Windows and Linux operating systems. Applicants should also have basic knowledge or experience analyzing network traffic, system and application logs, and alerts from security technologies such as firewalls, intrusion detection systems (IDS), and anti-virus software. Students are required to bring their laptop computers to class.
The Incident Response and Digital Forensics Program is catalogued as a non-credit course of DePaul University. A certificate of completion from DePaul University is awarded to those who successfully complete the program's requirements. Program requirements include lab work, reading and homework assignments, and a case study project. No midterm or final exams are conducted.
The Incident Response and Digital Forensics Program is a graded course. A final grade letter as well as DePaul transcript (upon request) will be available upon program completion.
Application & Registration Procedure
All interested parties should apply for admission using the Institute for Professional Development's
online application; or, to apply via fax, mail, or in person, print out and complete the
Application Form. Upon admission, the Institute office will contact the prospective student with registration information and instructions.
Registration is restricted to admitted students. IPD staff will register students upon receipt of payment and registration form. Regular DePaul students cannot register themselves via the university's registration system.