This course teaches the fundamentals of incident response and digital forensics. A systematic approach to incident response will be reviewed, focusing on the six-step process (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned.) Preservation of data (dd, ftk imager, DumpIt,) Data recovery (Scalpel, Foremost, OpenStego) and forensic analysis (Sleuthkit, SIFT workstation, Volatility, RegRipper, Supertimeline, Autopsy, Wireshark). The legal aspects of both investigation and preservation will be discussed along with learning the fundamentals of preparing a legally acceptable forensic report. In addition to the weekly reading, quizzes, and individual projects, students are required to complete a final project. Students taking this course should be proficient with Windows, Linux or OSX, including the command line.