Forensics has become more important in incident response. This capability is required in order to investigate the root cause of the incident. Whether it is intentionally or not!
As such, malware forensics/reverse engineering, has become so important and SANS is providing a training on it. With Stuxnet and Duqu...http://news.techworld.com/security/3317908/duqu-trojan-might-have-been-in-development-for-four-years...you better arm yourself.
(Microsoft has confirmed that the Duqu campaign exploits a vulnerability in a Windows kernel-mode driver - specifically "W32k.sys," and its TrueType font parsing engine - to gain rights on the compromised PC sufficient to install the malware.)
This is cyber warfare/weapon...next...maybe cyber nuclear...