Disk forensics Hardening Clinic
RCCE students will learn disk forensic acquisition and analysis including forensic imaging, file system analysis (NTFS, ext4, APFS, HFS+), deleted file recovery, timeline creation from file system metadata, and artifact extraction. RCCE students will learn to create forensically sound disk images using write blockers and imaging tools, analyze file systems for evidence of attacker activity, recover deleted files and fragments, reconstruct user and attacker activity timelines from file system timestamps, extract browser artifacts, registry hives, prefetch data, and event logs, and produce disk forensics reports that withstand legal scrutiny. This hands-on hardening course focuses on reducing attack surface through practical configuration changes and security guardrails. Building on core knowledge, RCCE students will learn to apply hardening baselines, validate configurations, and measure the security improvement achieved. Students walk away with actionable hardening checklists and the skills to maintain hardened configurations as environments evolve.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Disk forensics Hardening Clinic
- Execute hands-on tasks for disk forensics hardening clinic
- Explain Module Overview fundamentals
- Execute hands-on tasks for disk forensics
- Execute hands-on tasks for hardening clinic — covering Forensic imaging with write blockers, Apply hardening baselines to systems.
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for disk forensics fundamentals
- Execute hands-on tasks for core principles
- Execute hands-on tasks for digital evidence types — covering Active data: visible files on disk.
- Execute hands-on tasks for legal standards — covering Document who handled evidence and when, Daubert standard for expert testimony.
- Execute hands-on tasks for hardware write blockers
- Execute hands-on tasks for software write blockers — covering Sits between drive and forensic workstation, OS-level write protection via drivers.
- Execute hands-on tasks for supports sata, usb, nvme, ide interfaces — covering OS-level write protection via drivers.
| Module 01 | Disk Forensics Hardening Clinic |
| Module 02 | Module Overview |
| Module 03 | Disk Forensics |
| Module 04 | Hardening Clinic |
| Module 05 | Learning Objectives |
| Module 06 | Disk Forensics Fundamentals |
| Module 07 | Core Principles |
| Module 08 | Digital Evidence Types |
| Module 09 | Legal Standards |
| Module 10 | Hardware Write Blockers |
| Module 11 | Software Write Blockers |
| Module 12 | Supports SATA, USB, NVMe, IDE interfaces |
| Module 13 | Validation Testing |
| Module 14 | Forensic Imaging: Creating Sound Copies |
All hands-on labs run on Rocheston Rose X OS. Students practice disk forensics hardening clinic by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for disk forensics hardening clinic
- Lab 2: Explain Module Overview fundamentals
- Lab 3: Execute hands-on tasks for disk forensics
- Lab 4: Execute hands-on tasks for hardening clinic
- Lab 5: Execute hands-on tasks for learning objectives
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Disk forensics Hardening Clinic, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI