2340x500_STI_Focus_Areas9.jpg

Graduate Certificate Programs: Incident Response

Designed for working InfoSec and IT professionals, the graduate certificate in Incident Response is a highly technical program focused on developing your ability to manage both a computer and network-based forensics investigation as well as the appropriate incident responses.

Format Option: A 100% online option is available
Courses:
4
Capstone: 1
GIAC Certifications: 4
Credits: 13
Duration: 18-24 months
Total Program Cost: $23,375 USD

470x382-cybersecurity-student-8.jpg

Strengthen Your Technical Knowledge and Skills

Gain practical skills you can immediately apply at your job or in a new infosec role.

  • Learn the latest cybersecurity tactics to protect your organization
  • Keep your skills current for career growth and advancement
  • Earn professional GIAC certifications as you complete the program
  • Train on your schedule, to balance work and school
  • Get personalized support from a student advisor 

APPLICATIONS ACCEPTED MONTHLY

The SANS.edu Advantage

STI_Advantage_Icons-20.svg

GIAC Certifications

Earn 4 industry-recognized GIAC cybersecurity certifications.

STI_Advantage_Icons-22.svg

100% Online Option Available

You have the option of completing the program through live or rewindable online courses.

STI_Advantage_Icons-23.svg

World-class Faculty

Learn the latest skills and techniques from the world's top cybersecurity practitioners.

STI_Advantage_Icons-24.svg

Pathway to a Master’s Degree

All credits earned in this program can transfer into our master’s degree program.

STI_Advantage_Icons-25.svg

SANS.edu Academic Pricing

Get SANS.edu academic pricing on SANS courses and GIAC certifications.

STI_Advantage_Icons-26.svg

Powerful Network

Make connections with some of the most talented students and teachers in the industry.

InfoSec professional attends SANS.edu info session

Join Us for an Online Info Session

Learn more about the SANS.edu cyber security master's degree and graduate certificate programs. Have questions? We’ll answer them. Wed, Dec 21 at 1:30 pm (ET). Register here.


        2340x500_STI_Quotes_Beige12.jpg

        “I have my master's in computer science, but I completed three graduate certificate programs with SANS so I could truly dive deep into technical areas of cybersecurity and learn from instructors who are leading the industry.” - Jeff Sass, Senior Engineering Manager, Adobe

        Learn How To:

          • Explain the role of digital forensics and incident response in the field of information security and recognize the benefits of applying these practices to both hosts and networks when investigating a cyber incident.
          • Analyze the structure of common attack techniques to evaluate an attacker’s footprint, target the ensuing investigation and incident response, and anticipate and mitigate future activity.
          • Evaluate the effectiveness of available digital forensic tools and use them in a way that optimizes the efficiency and quality of digital forensic investigations.
          • Utilize multiple malware analysis approaches and tools to understand how malware programs interact with digital environments and how they were coded, in order to reverse the effects of the program on networks and systems.

        Curriculum | 13 credit hours

        In this hands-on program, you’ll begin with a foundational course, progress through 3 advanced graduate courses — including a specialized elective of your choice — and test your technical skills in DFIR NetWars Continuous, a graded, online range exercise.

        Required Core Courses | 10 credit hours

        • SANS Course: FOR500: Windows Forensic Analysis
          Certification: GIAC Certified Forensic Examiner (GCFE)

          3 Credit Hours

          ISE 6420 Computer Forensic Investigations - Windows focuses on the critical knowledge of the Windows Operating System that every digital forensic analyst needs to investigate computer incidents successfully. Students learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that can be used in internal investigations or civil/criminal litigation. The course covers the methodology of in-depth computer forensic examinations, digital investigative analysis, and media exploitation so each student will have complete qualifications to work as a computer forensic investigator helping to solve and fight crime.

        • SANS Course: FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
          Certification: GIAC Certified Forensic Analyst (GCFA)

          3 Credit Hours

          ISE 6425 teaches the necessary capabilities for forensic analysts and incident responders to identify and counter a wide range of threats within enterprise networks, including economic espionage, hacktivism, and financial crime syndicates. The course shows students how to work as digital forensic analysts and incident response team members to identify, contain, and remediate sophisticated threats-including nation-state sponsored Advanced Persistent Threats and financial crime syndicates. Students work in a hands-on lab developed from a real-world targeted attack on an enterprise network in order to learn how to identify what data might be stolen and by whom, how to contain a threat, and how to manage and counter an attack.

        • SANS Course: FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
          Certification: GIAC Network Forensic Analyst (GNFA)

          3 Credit Hours

          ISE 6440: Advanced Network Forensics and Analysis focuses on the most critical skills needed to mount efficient and effective post-incident response investigations. Moving beyond the host-focused experiences in ISE 6420 and ISE 6425, ISE 6440 covers the tools, technology, and processes required to integrate network evidence sources into investigations, covering high-level NetFlow analysis, low-level pcap exploration, and ancillary network log examination. Hands-on exercises in FOR 572 cover a wide range of open source and commercial tools, and real-world scenarios help the student learn the underlying techniques and practices to best evaluate the most common types of network-based attacks.

        • Content: DFIR NetWars Continuous
          1 Credit Hour

          DFIR NetWars Continuous is an incident simulator packed with a vast amount of forensic, malware analysis, threat hunting, and incident response challenges designed to help you gain proficiency without the risk associated when working real-life incidents.

        Elective Courses | 3 credit hours

        Students select one of the following.

        • SANS Course: SEC504: Hacker Tools, Techniques, and Incident Handling
          Certification: GIAC Certified Incident Handler (GCIH)

          3 Credit Hours

          By adopting the viewpoint of a hacker, ISE 5201 provides an in-depth focus into the critical activity of incident handling. Students are taught how to manage intrusions by first looking at the techniques used by attackers to exploit a system. Students learn responses to those techniques, which can be adopted within the framework of the incident handling process to handle attacks in an organized way. The faculty instruction, lab exercises, and exam are coordinated to develop and test a student's ability to utilize the core capabilities required for incident handling.

        • SANS Course: FOR578: Cyber Threat Intelligence
          Certification: GIAC Cyber Threat Intelligence (GCTI)

          3 Credit Hours

          ISE 6445 will equip you, your security team, and your organization in the tactical, operational, and strategic level cyber threat intelligence skills and tradecraft required to better understand the evolving threat landscape and to accurately and effectively counter those threats. This course focuses on structured analysis in order to establish a solid foundation for any security skillset and to amplify existing skills.

        • SANS Course: FOR585: Smartphone Forensic Analysis In-Depth
          Certification: GIAC Advanced Smartphone Forensics (GASF)

          3 Credit Hours

          The focus of ISE 6450 is on teaching students how to perform forensic examinations on devices such as mobile phones and tablets. Students will add to their forensics skills with this course's focus on the advanced skills of mobile forensics, device file system analysis, mobile application behavior, event artifact analysis and the identification and analysis of mobile device malware. Students will learn how to detect, decode, decrypt, and correctly interpret evidence recovered from mobile devices. The course features a number of hands-on labs that allow students to analyze different datasets from smart devices and leverage the best forensic tools and custom scripts to learn how smartphone data hide and can be easily misinterpreted by forensic tools.

        • SANS Course: FOR518: Mac and iOS Forensic Analysis and Incident Response
          Certification: GIAC iOS and macOS Examiner (GIME)

          3 Credit Hours

          ISE 6455 provides the techniques and skills necessary to take on any Mac or iOS case without hesitation. The intense hands-on forensic analysis and incident response skills taught in the course will enable students to broaden their capabilities and gain the confidence and knowledge to comfortably analyze any Mac or iOS device. In addition to traditional investigations, the course presents intrusion and incident response scenarios to help analysts learn ways to identify and hunt down attackers that have compromised Apple devices.

        • SANS Course: FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
          Certification: GIAC Reverse Engineering Malware (GREM)

          3 Credit Hours

          ISE 6460 teaches students how to examine and reverse engineer malicious programs - spyware, bots, Trojans, etc. - that target or run on Microsoft Windows, within browser environments such as JavaScript or Flash files, or within malicious document files (including Word and PDF). The course builds a strong foundation for reverse-engineering malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger and other tools. The malware analysis process taught in this class helps students understand how incident responders assess the severity and repercussions of a situation that involves malicious software and plan recovery steps. Students also experience how forensics investigators learn to understand key characteristics of malware discovered during the examination, including how to establish indicators of compromise (IOCs) for scoping and containing the incident.

        2340x500_STI_Committees4.jpg

        Study with the best faculty in cyber security

        470x382-cybersecurity-student-4.jpg

        Take Your Next Step

        Need more information? We’re happy to answer your questions. Join us for an info session, email info@sans.edu or call 301.241.7665.

        Ready to apply? We look forward to learning about you and your career goals.

        2340x500_STI_Quotes8.jpg

        “I chose the SANS graduate program because the technical content and faculty are unparalleled, and the mix of live and online instruction fit into my work life.” - Joshua Lewis, VP, Threat Intelligence & Incident Response, Umpqua Bank

        Success Stories

        2340x500_STI_Quotes7.jpg

        “After I passed my GCIH certification exam, I got a job offer for twice my current salary. I’m happy where I am, but it’s great to see recruiters going after GIAC certified professionals.” - Agnel D’Silva, IT Administrator, City of Danville, IL

        Christopher Haller

        SANS.edu Graduate Certificate Student Wins National Cyber League Championship

        Christopher Haller beat out more than 6,000 competitors to earn the #1 individual player ranking in the Spring 2022 National Cyber League competition. See why he chose to pursue a graduate certificate at SANS.edu — and learn about his career path from the US Navy to his current role as Director of Professional Services at Centripetal Networks.

        Course Delivery Options

        Complete any of our cybersecurity degree or certificate programs by taking courses that are 100% online or that start with weeklong in-person events held across the country and around the world. Or you can do a mix of both.
        2340x500_STI_Quotes5.jpg

        “You get a lot of personal attention to get through the program because of the student advisors. They are the foundation of the SANS.edu experience.” - Christopher Hurless, Systems Engineer, Northwestern University in Qatar

        GAC_Header_-_2340x5002.jpg

        Join us for a free online info session to learn more.

        470x382_STI_Masters_Degree_Tuition.jpg

        Tuition

        Total program cost: $23,375 USD

        Tuition includes the cost of the course, textbooks, and certification tests that serve as mid-term or final exams for courses.

        Get the Credit You Deserve
        Students who have taken SANS training classes and have active GIAC certifications may be able to waive one course and GIAC certification into the program. See our waiver policy.



        Funding Options

        2340x500_STI_Questions2.jpg

        Questions?

        We're happy to help. Email info@sans.edu or call 301.241.7665.

        About the SANS Technology Institute

        Founded in 2005, the SANS Technology Institute (SANS.edu) is the independent, regionally-accredited, VA-approved subsidiary of SANS, the world's largest and most trusted provider of cybersecurity training, certification, and research. Offering undergraduate and graduate programs at the cutting edge of cybersecurity, SANS.edu is strengthening the cyber workforce through a career-focused curriculum built on proven SANS courses and industry-recognized GIAC certifications.

        The SANS Technology Institute is accredited by The Middle States Commission on Higher Education (1007 North Orange Street, 4th Floor, MB #166, Wilmington, DE 19801 - 267.284.5000), an institutional accrediting agency recognized by the U.S. Secretary of Education and the Council for Higher Education Accreditation.