Rocheston Certified Cybercrime Investigator (RCCI)
Master digital forensics, incident response, evidence acquisition, chain of custody, forensic analysis, and court-ready reporting in a 5-day hands-on program on Rocheston Winston OS.
// part of the rocheston certification ecosystem
RCCI is part of the Rocheston certification ecosystem alongside RCCE, which is ANAB ISO/IEC 17024 accredited.
View ANAB directory listing ↗RCCI supports the RCCE certification pathway, which is recognized under the U.S. DoD 8140 DCWF framework — including forensics-focused workforce roles.
See the DoD 8140 mapping ↗Every Rocheston certificate can be independently verified by employers in seconds through Rocheston Roxy.
Verify a credential ↗// after rcci, you will be able to
// cybercrime cases you will investigate
RCCI is an investigation academy, not a lecture series. These case scenarios — all simulated and legally controlled — are your training ground:
Suspicious access, exposed files, system logs, possible exfiltration.
Email headers, malicious links, user activity, compromised accounts.
User activity, file access, removable media, policy violations.
Infection timeline, affected systems, preserved artifacts, incident report.
Suspicious transactions, account activity, device evidence, digital traces.
Preserved conversations, metadata, documented evidence, investigative summary.
Dark web evidence, crypto transaction traces, wallet activity, limitations.
Messages, location data, app artifacts, photos, device activity.
File access, sharing activity, login records, compromise indicators.
Connected-device evidence, logs, network behavior, device metadata.
// where you'll practice — rocheston winston os
Most forensic courses make students watch lectures and memorize tool names. RCCI gives you a forensic investigation environment: Winston OS, purpose-built for digital forensics and preloaded with investigation tools.
RCCI teaches cybercrime investigation in authorized, simulated, and legally controlled environments. Students learn to preserve, analyze, and report digital evidence while respecting privacy, civil liberties, chain of custody, and applicable laws. For sensitive crime categories, training uses simulated, redacted, or legally permitted materials only.
// the rcci investigation workflow
Allegation, incident type, scope, affected systems.
Secure systems, prevent contamination, document.
Devices, logs, accounts, media, cloud, network artifacts.
Forensic images with sound procedures.
Who collected, handled, transferred, analyzed.
Files, logs, registry, metadata, deleted data, traffic.
What happened, when, and who was involved.
What can and cannot be concluded.
Clear technical and executive reports.
Evidence, exhibits, testimony notes, documentation.
// what you will produce
// the transformation
// your 5-day journey
Crime types, investigation ethics, evidence handling, privacy, chain of custody.
Containment, forensic imaging, hash verification, preservation, documentation.
File systems, deleted data, registry, logs, metadata, timeline reconstruction.
Fraud, phishing, insider threat, cloud, mobile, dark web, crypto, social media.
Final investigation report, executive summary, evidence package, exam prep.
// 50+ specializations, organized
Investigate suspicious transactions, digital payment trails, wallet activity, and financial cybercrime evidence.
Covers: Online banking fraud · Credit card fraud · Money laundering · Cryptocurrency & blockchain analysis · Smart contracts · Online gambling
Preserve online evidence, document activity, capture metadata, and prepare investigative summaries.
Covers: Identity theft · Cyberstalking · Extortion · Cyberbullying · Harassment · Social media crimes · Reputation damage · Digital privacy violations
Investigate enterprise attacks, compromised accounts, logs, endpoints, and network artifacts.
Covers: Data breaches · Insider threats · Corporate sabotage · Cyber espionage · Website defacement · Backdoors & rootkits · Phishing, spam & botnets · Denial-of-service incidents
Analyze communications, device activity, access records, and network evidence.
Covers: Mobile devices · Network traffic · Packet analysis · Wireless, Wi-Fi & Bluetooth · VoIP · Videoconferencing · RFID · CCTV · Physical access controls
Investigate cloud accounts, web logs, database records, user activity, and access evidence.
Covers: Cloud storage · Web applications · Database activity · Location data & geolocation · Employee monitoring · Online services
Understand how modern devices create evidence — and how investigators should think about new evidence sources.
Covers: IoT & embedded devices · SCADA & industrial control systems · Robotics · Autonomous vehicles · Smart homes · Wearables · AR & VR · 3D printing
// final rcci capstone
A simulated organization has suffered a suspected breach involving phishing, credential theft, unauthorized file access, and possible data exfiltration. Your job: investigate from intake to final report.
// who should take rcci
RCCI is not a beginner IT course. If you are new to cybersecurity, start with RCCE Level 1 or the free RCT first.
// career roles this can help you prepare for
Projected U.S. job growth for information security analysts — who investigate security breaches and prepare reports — 2024–2034, about 16,000 openings per year. Source: U.S. Bureau of Labor Statistics
Investigation specializations covered — from banking fraud and dark web activity to IoT, SCADA, and autonomous vehicle evidence.
RCCI can help prepare you for these roles; job placement depends on experience, region, employer requirements, and investigation authority.
// certification exam details
// what's included
// delivery options
Winston OS labs power the hands-on forensic portions in every format.
A 5-day live online or classroom program with guided investigation labs.
Instructor-led sessions plus Cyberclass online modules and lab exercises.
Videos, exercises, downloadable resources, and discussion support.
// where rcci fits
| Program | Focus | Best for |
|---|---|---|
| RCT | IT fundamentals (free) | Complete beginners |
| RCCE Level 1 | Cybersecurity foundations & ethical hacking | IT professionals entering cybersecurity |
| RCCE Level 2 | Advanced pentesting & Red/Blue cyber range | Professionals ready for advanced practice |
| RCCI | Cybercrime investigation & digital forensics | Investigators, IR, law enforcement, forensic analysts |
| CCO | Compliance, governance & leadership | Managers, auditors, CISOs, risk leaders |
| RCAI | AI engineering & applied AI | AI learners and technical professionals |
// frequently asked questions
RCCI is best for students with a cybersecurity, IT, incident response, or law-enforcement background. If you're new to cybersecurity, start with RCCE Level 1 or the free RCT first.
No. RCCI serves both law-enforcement and corporate cybersecurity professionals.
Rocheston's forensic lab environment, purpose-built for digital investigation practice and preloaded with forensic tools.
No. Training uses simulated, redacted, or legally permitted materials only.
Files, logs, deleted data, metadata, storage media, network artifacts, cloud activity, mobile and device evidence, and investigation timelines.
Yes — collection, preservation, authentication, and chain of custody are core curriculum.
100 questions (MCQ, true/false, short answer), 2 hours, 70% to pass — proctored online via Rocheston Ramsys. Register at cert.rocheston.com.
RCCI supports the RCCE certification pathway, which is recognized under the U.S. DoD 8140 DCWF framework. See rocheston.com/dod8140 for the official mapping.
Cybercrime investigator, digital forensics analyst, incident response analyst, SOC investigator, fraud investigator, and cyber defense forensics analyst.
// Haja Mo RCCI audio message
A founder-led message for students who want to investigate cybercrime with discipline, preserve digital evidence, reconstruct timelines, and write court-ready reports.
Hello my friend, I am Haja Mo, creator of the Rocheston cybersecurity certification ecosystem.
Welcome to RCCI, the Rocheston Certified Cybercrime Investigator program.
Let me tell you why this program is so important. In cybersecurity, it is not enough to say, “I think this happened.” An investigator must prove what happened, when it happened, how it happened, what evidence supports it, and what the limits of the evidence are. That is the difference between guessing and investigating.
RCCI is built to help you become that kind of professional.
This program is for people entering digital forensics, incident response, cybercrime investigation, fraud investigation, law enforcement support, and court-ready reporting. You learn how to respond to an incident without destroying evidence. You learn how to identify digital evidence, acquire it properly, verify it with hashes, document it, preserve it, and maintain chain of custody from the beginning of the case to the final report.
My friend, chain of custody is not just a form. It is trust. It tells everyone who handled the evidence, when they handled it, why they handled it, and how the integrity of that evidence was protected. Employers need people who understand this discipline. Legal teams need it. Incident response teams need it. Corporate investigation teams need it. Law enforcement teams need it.
Inside RCCI, you train with Rocheston Winston OS, our forensic lab environment. You do not just memorize tool names. You practice evidence acquisition, forensic imaging, hash verification, deleted file recovery, log analysis, registry analysis, browser artifacts, network evidence review, timeline reconstruction, and professional reporting. You learn how to look at a system and ask the right questions: What changed? Who accessed it? What files were touched? What accounts were used? What traces were left behind?
That is how a digital detective thinks.
RCCI also puts you through many cybercrime scenarios. Corporate data breaches. Phishing and credential theft. Insider threats. Ransomware incidents. Online banking fraud. Social media harassment and extortion. Dark web and cryptocurrency trails. Mobile device evidence. Cloud storage investigations. IoT and smart device evidence. These are the situations modern organizations face every day.
And everything is ethical, authorized, simulated, and legally controlled. You are not working with illegal material. You are learning the professional method: preserve the evidence, analyze the evidence, explain the evidence, and report the evidence responsibly.
The five-day RCCI journey is designed to transform you. On day one, you understand cybercrime, law, ethics, evidence handling, privacy, and chain of custody. On day two, you work on incident response and forensic acquisition. On day three, you analyze file systems, deleted data, logs, metadata, and timelines. On day four, you move into specialized investigations like fraud, phishing, insider threat, cloud, mobile, crypto, and social media. On day five, everything comes together in court-ready reporting, your final capstone, and exam preparation.
The capstone is called Operation Silent Trace. I love this part because this is where you stop being a student and start thinking like an investigator. A simulated organization has a suspected breach involving phishing, credential theft, unauthorized file access, and possible data exfiltration. Your job is to secure the evidence, create forensic images, verify integrity, analyze the artifacts, reconstruct the timeline, identify suspicious activity, and prepare a professional case file.
At the end, you are not just saying, “I completed a course.” You can say, “Here is my chain-of-custody form. Here is my evidence inventory. Here are my acquisition notes. Here is my timeline. Here are my findings. Here is my executive summary. Here is my court-ready forensic report.”
That is proof employers respect.
RCCI brings serious investigation skills together in one Rocheston experience: Winston OS, case labs, 50 plus investigation specializations, forensic workflows, capstone practice, and certification readiness.
The world needs investigators who can protect evidence, find the truth, explain the timeline, and communicate clearly to technical teams, executives, auditors, legal teams, and law enforcement. RCCI is designed to help you become that person.
So if you are ready to move from “I work in security” to “I investigate what happened,” RCCI is your next step. Come in curious. Come in disciplined. Come in ready to follow the evidence.
RCCI is built with love, deep technology, and respect for the serious work investigators do. Every lab should make you sharper. Every case should make you more confident. Every report should make you more professional.
My name is Haja Mo. Thank you for listening.
Five days from now you could have a completed capstone case file, court-ready reporting skills, and a clear path to RCCI certification.
$ winston acquire --image evidence01.dd && verify
ROCHESTON