Graduate Certificate Programs: Digital Forensics

3 Credit Hours

In ISE 6498, you’ll develop essential skills in digital forensics acquisition and rapid triage, learning how to identify, collect, and preserve digital evidence across a wide range of devices and environments—from computers and mobile devices to network and cloud storage—while maintaining forensic soundness. You’ll gain hands-on experience with tools and techniques that enable you to perform quick, effective triage and extract actionable intelligence early in an investigation, helping you accelerate response and decision-making in real-world incidents. This course strengthens foundational capabilities for incident responders, digital forensic analysts, and cybersecurity professionals operating in high-pressure, evidence-driven scenarios.

3 Credit Hours

ISE 6420 Computer Forensic Investigations - Windows focuses on the critical knowledge of the Windows Operating System that every digital forensic analyst needs to investigate computer incidents successfully. Students learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that can be used in internal investigations or civil/criminal litigation. The course covers the methodology of in-depth computer forensic examinations, digital investigative analysis, and media exploitation so each student will have complete qualifications to work as a computer forensic investigator helping to solve and fight crime.

3 Credit Hours

The focus of ISE 6450 is on teaching students how to perform forensic examinations on devices such as mobile phones and tablets. Students will add to their forensics skills with this course's focus on the advanced skills of mobile forensics, device file system analysis, mobile application behavior, event artifact analysis and the identification and analysis of mobile device malware. Students will learn how to detect, decode, decrypt, and correctly interpret evidence recovered from mobile devices. The course features a number of hands-on labs that allow students to analyze different datasets from smart devices and leverage the best forensic tools and custom scripts to learn how smartphone data hide and can be easily misinterpreted by forensic tools.

3 Credit Hours

ISE 6455 provides the techniques and skills necessary to take on any Mac or iOS case without hesitation. The intense hands-on forensic analysis and incident response skills taught in the course will enable students to broaden their capabilities and gain the confidence and knowledge to comfortably analyze any Mac or iOS device. In addition to traditional investigations, the course presents intrusion and incident response scenarios to help analysts learn ways to identify and hunt down attackers that have compromised Apple devices.

3 Credit Hours

ISE 6425 teaches the necessary capabilities for forensic analysts and incident responders to identify and counter a wide range of threats within enterprise networks, including economic espionage, hacktivism, and financial crime syndicates. The course shows students how to work as digital forensic analysts and incident response team members to identify, contain, and remediate sophisticated threats-including nation-state sponsored Advanced Persistent Threats and financial crime syndicates. Students work in a hands-on lab developed from a real-world targeted attack on an enterprise network in order to learn how to identify what data might be stolen and by whom, how to contain a threat, and how to manage and counter an attack.

3 Credit Hours

ISE 6440: Advanced Network Forensics and Analysis focuses on the most critical skills needed to mount efficient and effective post-incident response investigations. Moving beyond the host-focused experiences in ISE 6420 and ISE 6425, ISE 6440 covers the tools, technology, and processes required to integrate network evidence sources into investigations, covering high-level NetFlow analysis, low-level pcap exploration, and ancillary network log examination. Hands-on exercises in FOR 572 cover a wide range of open source and commercial tools, and real-world scenarios help the student learn the underlying techniques and practices to best evaluate the most common types of network-based attacks.

3 Credit Hours

ISE 6460 teaches students how to examine and reverse engineer malicious programs - spyware, bots, Trojans, etc. - that target or run on Microsoft Windows, within browser environments such as JavaScript or Flash files, or within malicious document files (including Word and PDF). The course builds a strong foundation for reverse-engineering malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger and other tools. The malware analysis process taught in this class helps students understand how incident responders assess the severity and repercussions of a situation that involves malicious software and plan recovery steps. Students also experience how forensics investigators learn to understand key characteristics of malware discovered during the examination, including how to establish indicators of compromise (IOCs) for scoping and containing the incident.

3 Credit Hours

In ISE 6497, you'll learn how to conduct effective, ethical open-source intelligence (OSINT) research using real-world tools and techniques. This hands-on course teaches you how to collect, analyze, and interpret publicly available information while maintaining strong operational security (OPSEC), giving you the skills to uncover critical insights from websites, social media, public records, breach data, and more. Through real-world labs and scenarios, you'll practice essential OSINT methods - from managing research accounts and dissecting digital footprints to analyzing metadata and producing actionable intelligence for investigations, threat assessments, and strategic decision-making. ISE 6497 equips students in cybersecurity, threat intelligence, law enforcement, and investigations with practical OSINT skills you can apply immediately in your work.

3 Credit Hours

In ISE 6587, you’ll take your OSINT skills to the next level with advanced techniques for gathering, analyzing, and validating intelligence from publicly available sources. This fast-paced, hands-on course builds on foundational OSINT concepts and introduces sophisticated methods—including automation with Python and APIs, Dark Web navigation, cryptocurrency tracing, and advanced image and video analysis—to help you collect and interpret data at scale. You’ll also explore disinformation detection, geopolitical OSINT challenges, and the use of AI tools in investigations, all through real-world labs and scenarios that mirror professional environments. By the end of the course, you’ll be ready to apply advanced OSINT techniques in high-stakes contexts such as threat intelligence, law enforcement, national security, and corporate investigations.

3 Credit Hours

In ISE 6442: Enterprise Cloud Forensics and Incident Response, examiners will learn how each of the major cloud service providers (Microsoft Azure, Amazon AWS and Google Cloud Platform) are extending analyst's capabilities with new evidence sources not available in traditional on-premise investigations. Incident response and forensics are primarily about following breadcrumbs left behind by attackers. This class is primarily a log analysis class to help examiners come up to speed quickly with cloud based investigation techniques. Numerous hands-on labs throughout the course will allow you to access evidence generated based on the most common incidents and investigations. You will learn where to pull data from and how to analyze it to find evil.

3 Credit Hours

ISE 6608 focuses on identifying and responding to incidents too large to focus on individual machines. The concepts are similar: gathering, analyzing, and making decisions based on information from hundreds of machines. This requires the ability to automate and the ability to quickly focus on the right information for analysis. By using example tools built to operate at enterprise-class scale, students will learn the techniques to collect focused data for incident response and threat hunting. Students will then dig into analysis methodologies, learning multiple approaches to understand attacker movement and activity across hosts of varying functions and operating systems by using timeline, graphing, structured, and unstructured analysis techniques.

3 Credit Hours

In ISE 6577, you’ll build advanced skills to detect, investigate, and respond to sophisticated cyber threats on Linux systems, one of the most widely used platforms in enterprise and cloud environments. You’ll learn hands-on techniques for incident response and threat hunting, including how to collect and analyze disk and memory evidence, track attacker behavior from initial breach through lateral movement, and develop actionable threat intelligence using tools like the SIFT Workstation. Through real-world labs and a capstone challenge, you’ll practice rapid triage and timeline analysis, learn to identify stealthy adversaries, and gain confidence responding to complex intrusions. Whether you’re on a digital forensics team, a threat hunting unit, or responsible for protecting Linux infrastructure, this course equips you with practical skills to uncover, contain, and remediate advanced threats effectively.

3 Credit Hours

ISE 6445 will equip you, your security team, and your organization in the tactical, operational, and strategic level cyber threat intelligence skills and tradecraft required to better understand the evolving threat landscape and to counter those threats accurately and effectively. This course focuses on structured analysis to establish a solid foundation for any security skillset and to amplify existing skills.