Evidence preservation Incident Handling
RCCE students will learn audit evidence collection, management, and presentation including evidence types, collection methodologies, evidence repositories, and evidence lifecycle management. RCCE students will learn to identify the types of evidence required for various compliance frameworks, develop evidence collection procedures that produce consistent and reliable results, configure automated evidence collection from security tools and systems, manage evidence repositories with proper access controls and versioning, validate evidence quality and completeness, present evidence packages to internal and external auditors, and maintain evidence retention schedules that meet regulatory requirements.

This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. At an expert level, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Evidence preservation Incident Handling
- Execute hands-on tasks for evidence preservation
- Execute hands-on tasks for incident handling
- Execute hands-on tasks for learning objectives — covering Identify evidence types for, evidence repositories.
- Explain Module Overview & Scope fundamentals
- Execute hands-on tasks for incident handling track — covering Evidence types & classification.
- Execute hands-on tasks for evidence preservation fundamentals
- Execute hands-on tasks for why evidence matters — covering Legal admissibility in proceedings.
- Execute hands-on tasks for core principles — covering Integrity: evidence is unaltered.
- Execute hands-on tasks for key standards & frameworks — covering ISO 27037 — Digital evidence identification & collection.
- Execute hands-on tasks for volatile evidence — covering RAM contents & running processes, Network connections & routing tables.
- Execute hands-on tasks for non-volatile evidence — covering Hard drive images & file systems, Log files & database records.
- Execute hands-on tasks for network evidence — covering Packet captures & NetFlow data, Firewall & IDS/IPS logs.
| Module | Topic |
| --- | --- |
| Module 01 | Evidence Preservation |
| Module 02 | Incident Handling |
| Module 03 | Learning Objectives |
| Module 04 | Module Overview & Scope |
| Module 05 | Incident Handling Track |
| Module 06 | Evidence Preservation Fundamentals |
| Module 07 | Why Evidence Matters |
| Module 08 | Core Principles |
| Module 09 | Key Standards & Frameworks |
| Module 10 | Volatile Evidence |
| Module 11 | Non-Volatile Evidence |
| Module 12 | Network Evidence |
| Module 13 | Packet captures & NetFlow data |
| Module 14 | Cloud Evidence |
All hands-on labs run on Rocheston Rose X OS. Students practice evidence preservation and incident handling by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for evidence preservation
- Lab 2: Execute hands-on tasks for incident handling
- Lab 3: Execute hands-on tasks for learning objectives
- Lab 4: Explain Module Overview & Scope fundamentals
- Lab 5: Execute hands-on tasks for incident handling track
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Evidence preservation Incident Handling, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI