Zero-Trust Approach to Artifact collection
RCCE students will learn digital forensics acquisition, evidence handling, timeline reconstruction, memory and disk analysis, and forensic reporting. RCCE students will learn to collect and preserve digital evidence following forensically sound procedures, reconstruct attack timelines from multiple artifact sources, perform forensic analysis on endpoints, memory, networks, and cloud environments, and produce investigation reports that withstand legal and regulatory scrutiny. This zero-trust course applies modern security principles including least privilege, continuous verification, and explicit trust evaluation. Building on core knowledge, RCCE students will learn to implement zero-trust architectures that assume breach and verify every access request regardless of network location. Students build practical zero-trust implementations that align with organizational security modernization goals.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Zero-Trust Approach to Artifact collection
- Apply zero-trust principles to privilege decisions and elevation
- Execute hands-on tasks for ransomware readiness & artifact
- Explain Course Overview: Dual-Track Zero-Trust Training fundamentals
- Execute hands-on tasks for course 681: ransomware readiness — covering Prevention, detection, response, recovery, Immutable backup architecture design, Tabletop exercises and maturity assessments.
- Execute hands-on tasks for course 687: artifact collection — covering Forensic acquisition and evidence handling.
- Explain Zero-Trust Foundation fundamentals — covering Assume breach at all times.
- Execute hands-on tasks for never trust
- Execute hands-on tasks for always verify
- Integrate privilege controls with identity providers and SIEM telemetry, including Multi-factor for every access.
- Monitor and audit privilege usage; detect escalation attempts, including Real-time telemetry analysis.
- Execute hands-on tasks for ransomware threat landscape — 2024-2025
| Module 01 | Zero-Trust Approach to |
| Module 02 | Ransomware Readiness & Artifact |
| Module 03 | Course Overview: Dual-Track Zero-Trust Training |
| Module 04 | Course 681: Ransomware Readiness |
| Module 05 | Course 687: Artifact Collection |
| Module 06 | Zero-Trust Foundation |
| Module 07 | Zero-Trust Core Principles |
| Module 08 | Never Trust |
| Module 09 | Always Verify |
| Module 10 | Identity Verification |
| Module 11 | Continuous Monitoring |
| Module 12 | Ransomware Threat Landscape — 2024-2025 |
| Module 13 | Avg. Ransom Demand |
| Module 14 | Avg. Recovery Time |
All hands-on labs run on Rocheston Rose X OS. Students practice zero-trust approach to artifact collection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Apply zero-trust principles to privilege decisions and elevation
- Lab 2: Execute hands-on tasks for ransomware readiness & artifact
- Lab 3: Explain Course Overview: Dual-Track Zero-Trust Training fundamentals
- Lab 4: Execute hands-on tasks for course 681: ransomware readiness
- Lab 5: Execute hands-on tasks for course 687: artifact collection
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Zero-Trust Approach to Artifact collection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI