2340x500_STI_Focus_Areas9.jpg

Graduate Certificate Programs: Incident Response

Designed for working InfoSec and IT professionals, the graduate certificate in Incident Response is a highly technical program focused on developing your ability to manage both a computer and network-based forensics investigation as well as the appropriate incident responses.

Format Option: A 100% online option is available
Courses:
4
Capstone: 1
GIAC Certifications: 4
Credits: 13
Duration: 18-24 months
Total Program Cost: $23,375

The SANS.edu Advantage

STI_Advantage_Icons-20.svg

GIAC Certifications

Earn 4 industry-recognized GIAC cybersecurity certifications.

STI_Advantage_Icons-22.svg

100% Online Option Available

You have the option of completing the program through live or rewindable online courses.

STI_Advantage_Icons-23.svg

World-class Faculty

Learn the latest skills and techniques from the world's top cybersecurity practitioners.

STI_Advantage_Icons-24.svg

Pathway to a Master’s Degree

All credits earned in this program can transfer into our master’s degree program.

STI_Advantage_Icons-25.svg

SANS.edu Academic Pricing

Get SANS.edu academic pricing on SANS courses and GIAC certifications.

STI_Advantage_Icons-26.svg

Powerful Network

Make connections with some of the most talented students and teachers in the industry.

2340x500_STI_Quotes_Beige12.jpg

“I have my master's in computer science, but I completed three graduate certificate programs with SANS so I could truly dive deep into technical areas of cybersecurity and learn from instructors who are leading the industry.” - Jeff Sass, Senior Engineering Manager, Adobe

GAC_Header_-_2340x5002.jpg

Join us for a free online info session to learn more.

Learn How To:

    • Conduct vulnerability scanning and exploitation of various systems and applications using a careful, documented methodology to provide explicit proof of the extent and nature of IT infrastructure risks, conducting these activities according to well-defined rules of engagement and a clear scope.
    • Provide documentation of activities performed during testing, including all exploited vulnerabilities and how those vulnerabilities were combined into attacks to demonstrate business or institutional risk.
    • Produce an estimated risk level for a given discovered flaw by using the amount of effort the team needed to expend in penetrating the information system as an indicator of the penetration resistance of the system.
    • Provide actionable results with information about possible remediation measures for the successful attacks performed.

Curriculum | 13 credit hours

In this hands-on program, you’ll begin with a foundational course, progress through 3 advanced graduate courses — including a specialized elective of your choice — and test your technical skills in DFIR NetWars Continuous, a graded, online range exercise.

Required Core Courses | 10 credit hours

  • SANS Course: FOR500: Windows Forensic Analysis
    Certification: GIAC Certified Forensic Examiner (GCFE)

    3 Credit Hours

    ISE 6420 Computer Forensic Investigations - Windows focuses on the critical knowledge of the Windows Operating System that every digital forensic analyst needs to investigate computer incidents successfully. Students learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that can be used in internal investigations or civil/criminal litigation. The course covers the methodology of in-depth computer forensic examinations, digital investigative analysis, and media exploitation so each student will have complete qualifications to work as a computer forensic investigator helping to solve and fight crime.

  • SANS Course: FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
    Certification: GIAC Certified Forensic Analyst (GCFA)

    3 Credit Hours

    ISE 6425 teaches the necessary capabilities for forensic analysts and incident responders to identify and counter a wide range of threats within enterprise networks, including economic espionage, hacktivism, and financial crime syndicates. The course shows students how to work as digital forensic analysts and incident response team members to identify, contain, and remediate sophisticated threats-including nation-state sponsored Advanced Persistent Threats and financial crime syndicates. Students work in a hands-on lab developed from a real-world targeted attack on an enterprise network in order to learn how to identify what data might be stolen and by whom, how to contain a threat, and how to manage and counter an attack.

  • SANS Course: FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
    Certification: GIAC Network Forensic Analyst (GNFA)

    3 Credit Hours

    ISE 6440: Advanced Network Forensics and Analysis focuses on the most critical skills needed to mount efficient and effective post-incident response investigations. Moving beyond the host-focused experiences in ISE 6420 and ISE 6425, ISE 6440 covers the tools, technology, and processes required to integrate network evidence sources into investigations, covering high-level NetFlow analysis, low-level pcap exploration, and ancillary network log examination. Hands-on exercises in FOR 572 cover a wide range of open source and commercial tools, and real-world scenarios help the student learn the underlying techniques and practices to best evaluate the most common types of network-based attacks.

  • Content: DFIR NetWars Continuous
    1 Credit Hour

    DFIR NetWars Continuous is an incident simulator packed with a vast amount of forensic, malware analysis, threat hunting, and incident response challenges designed to help you gain proficiency without the risk associated when working real-life incidents.

Elective Courses | 3 credit hours

Students select one of the following.

  • SANS Course: SEC504: Hacker Tools, Techniques, and Incident Handling
    Certification: GIAC Certified Incident Handler (GCIH)

    3 Credit Hours

    By adopting the viewpoint of a hacker, ISE 5201 provides an in-depth focus into the critical activity of incident handling. Students are taught how to manage intrusions by first looking at the techniques used by attackers to exploit a system. Students learn responses to those techniques, which can be adopted within the framework of the incident handling process to handle attacks in an organized way. The faculty instruction, lab exercises, and exam are coordinated to develop and test a student's ability to utilize the core capabilities required for incident handling.

  • SANS Course: FOR578: Cyber Threat Intelligence
    Certification: GIAC Cyber Threat Intelligence (GCTI)

    3 Credit Hours

    ISE 6445 will equip you, your security team, and your organization in the tactical, operational, and strategic level cyber threat intelligence skills and tradecraft required to better understand the evolving threat landscape and to accurately and effectively counter those threats. This course focuses on structured analysis in order to establish a solid foundation for any security skillset and to amplify existing skills.

  • SANS Course: FOR585: Smartphone Forensic Analysis In-Depth
    Certification: GIAC Advanced Smartphone Forensics (GASF)

    3 Credit Hours

    The focus of ISE 6450 is on teaching students how to perform forensic examinations on devices such as mobile phones and tablets. Students will add to their forensics skills with this course's focus on the advanced skills of mobile forensics, device file system analysis, mobile application behavior, event artifact analysis and the identification and analysis of mobile device malware. Students will learn how to detect, decode, decrypt, and correctly interpret evidence recovered from mobile devices. The course features a number of hands-on labs that allow students to analyze different datasets from smart devices and leverage the best forensic tools and custom scripts to learn how smartphone data hide and can be easily misinterpreted by forensic tools.

  • SANS Course: FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
    Certification: GIAC Reverse Engineering Malware (GREM)

    3 Credit Hours

    ISE 6460 teaches students how to examine and reverse engineer malicious programs - spyware, bots, Trojans, etc. - that target or run on Microsoft Windows, within browser environments such as JavaScript or Flash files, or within malicious document files (including Word and PDF). The course builds a strong foundation for reverse-engineering malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger and other tools. The malware analysis process taught in this class helps students understand how incident responders assess the severity and repercussions of a situation that involves malicious software and plan recovery steps. Students also experience how forensics investigators learn to understand key characteristics of malware discovered during the examination, including how to establish indicators of compromise (IOCs) for scoping and containing the incident.

2340x500_STI_Faculty3.jpg

Study with the best faculty in cyber security

2340x500_STI_Quotes8.jpg

“I chose the SANS graduate program because the technical content and faculty are unparalleled, and the mix of live and online instruction fit into my work life.” - Joshua Lewis, VP, Threat Intelligence & Incident Response, Umpqua Bank

Success Stories

Course Delivery Options

Complete any of our cybersecurity degree or certificate programs by taking courses that are 100% online or that start with weeklong in-person events held across the country and around the world. Or you can do a mix of both.
470x382_STI_Masters_Degree_Tuition.jpg

Tuition

Total program cost: $23,375

Tuition includes the cost of the course, textbooks, and certification tests that serve as mid-term or final exams for courses.

Get the Credit You Deserve
Students who have taken SANS training classes and have active GIAC certifications may be able to waive one course and GIAC certification into the program. See our waiver policy.



Funding Options

2340x500_STI_Questions2.jpg

Questions?

We're happy to help. Email info@sans.edu or call 301.241.7665.

About the SANS Technology Institute

Founded in 2005, the SANS Technology Institute (SANS.edu) is the independent, regionally-accredited, VA-approved subsidiary of SANS, the world's largest and most trusted provider of cybersecurity training, certification, and research. Offering undergraduate and graduate programs at the cutting edge of cybersecurity, SANS.edu is strengthening the cyber workforce through a career-focused curriculum built on proven SANS courses and industry-recognized GIAC certifications.

The SANS Technology Institute is accredited by The Middle States Commission on Higher Education (3624 Market Street, Philadelphia, PA 19104 - 267.284.5000), an institutional accrediting agency recognized by the U.S. Secretary of Education and the Council for Higher Education Accreditation.