Essentials of Evidence
RCCE students will learn audit evidence collection, management, and presentation including evidence types, collection methodologies, evidence repositories, and evidence lifecycle management. RCCE students will learn to identify the types of evidence required for various compliance frameworks, develop evidence collection procedures that produce consistent and reliable results, configure automated evidence collection from security tools and systems, manage evidence repositories with proper access controls and versioning, validate evidence quality and completeness, present evidence packages to internal and external auditors, and maintain evidence retention schedules that meet regulatory requirements. This essentials course covers the core knowledge needed to operate competently in this domain. Building on core knowledge, RCCE students will learn the fundamental concepts, terminology, risks, and defenses that form the foundation for all further study and professional practice. Students build a solid knowledge base that prepares them for more advanced courses and real-world security responsibilities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Essentials of Evidence
- Monitor and audit privilege usage; detect escalation attempts
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn — covering Audit evidence collection fundamentals.
- Execute hands-on tasks for key outcomes — covering Build reliable evidence collection procedures.
- Explain Legal Foundation fundamentals — covering Records, statements, and artifacts.
- Execute hands-on tasks for why evidence matters — covering Regulatory mandates drive collection.
- Execute hands-on tasks for direct evidence
- Execute hands-on tasks for evidence quality attributes — covering Relevant.
- Execute hands-on tasks for compliance framework evidence map
- Execute hands-on tasks for key evidence types
- Execute hands-on tasks for collection frequency
| Module 01 | Audit Evidence Collection, Management & Presentation |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | Key Outcomes |
| Module 05 | What Is Audit Evidence? |
| Module 06 | Legal Foundation |
| Module 07 | Why Evidence Matters |
| Module 08 | Direct Evidence |
| Module 09 | Evidence Quality Attributes |
| Module 10 | Compliance Framework Evidence Map |
| Module 11 | Key Evidence Types |
| Module 12 | Collection Frequency |
| Module 13 | Evidence Collection Methodologies |
| Module 14 | Automated Collection |
All hands-on labs run on Rocheston Rose X OS. Students practice essentials of evidence by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Monitor and audit privilege usage; detect escalation attempts
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for key outcomes
- Lab 5: Monitor and audit privilege usage; detect escalation attempts
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Essentials of Evidence, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI