Cloud forensics Monitoring and Detection: Blueprint
RCCE students will learn how to collect, preserve, and analyze digital evidence in cloud environments across AWS, Azure, and GCP. RCCE students will learn to acquire cloud-native logs including CloudTrail, Activity Log, and Audit Logs, preserve volatile cloud resources before termination, reconstruct attacker activity across cloud services, analyze IAM permission changes, investigate unauthorized resource provisioning, and build forensic timelines from distributed cloud telemetry. The course covers legal considerations for cloud evidence, chain of custody in shared responsibility models, and forensic imaging of cloud-based virtual machines. This monitoring course teaches comprehensive detection and observability strategies for proactive security operations. Building on core knowledge, RCCE students will learn to instrument systems for security telemetry, build detection pipelines, configure alerting, and maintain monitoring coverage as environments evolve. Students gain the visibility and detection capabilities needed to catch threats early.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Cloud forensics Monitoring and Detection: Blueprint
- Execute hands-on tasks for cloud forensics
- Monitor and audit privilege usage; detect escalation attempts
- Explain Course Overview fundamentals
- Execute hands-on tasks for forensics track — covering Collect & preserve cloud evidence.
- Monitor and audit privilege usage; detect escalation attempts, including Instrument security telemetry.
- Execute hands-on tasks for forensic imaging of cloud vms — covering Build detection pipelines.
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for evidence collection
- Execute hands-on tasks for forensic analysis
- Build detections and response workflows for privilege escalation, including Acquire cloud-native, Reconstruct attacker, and Detection pipeline.
| Module 01 | Cloud Forensics |
| Module 02 | Monitoring and Detection |
| Module 03 | Course Overview |
| Module 04 | Cloud Forensics + Monitoring & Detection |
| Module 05 | Forensics Track |
| Module 06 | Monitoring Track |
| Module 07 | Forensic imaging of cloud VMs |
| Module 08 | Learning Objectives |
| Module 09 | Evidence Collection |
| Module 10 | Forensic Analysis |
| Module 11 | Detection & Monitoring |
| Module 12 | Incident Response |
| Module 13 | Cloud Forensics Fundamentals |
| Module 14 | Distributed Nature |
All hands-on labs run on Rocheston Rose X OS. Students practice cloud forensics monitoring and detection: blueprint by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for cloud forensics
- Lab 2: Monitor and audit privilege usage; detect escalation attempts
- Lab 3: Explain Course Overview fundamentals
- Lab 4: Monitor and audit privilege usage; detect escalation attempts
- Lab 5: Execute hands-on tasks for forensics track
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Cloud forensics Monitoring and Detection: Blueprint, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI