C)VFE – Certified Virtualisation Forensics Examiner

Certified Virtualization Forensics Examiner


This course takes two enormously challenging areas facing IT security professionals today: incidence response and virtualisation and attempts to meld these together. Forensics is at the heart of incidence response, and therefore this training will focus on how to gather evidence relating to an incident – the what, when, where, who and why of an incident – within today’s common virtual environments. Additionally, the course will take a deep dive into the virtual infrastructure, and contrast the various virtual entities against their physical counterparts. This will allow a clear demonstration of the forensically-relevant differences between the virtual and physical environments. The course uses a lab-centric, scenario-based approach to demonstrate how to forensically examine relevant components of a virtual infrastructure for specific use cases.

Accreditations & Acknowledgements

Accreditation And Certifications

Mile2 is:

  • ACCREDITED by the NSA CNSS 4011-4016
  • MAPPED to NIST / Homeland Security NICCS's Cyber Security Workforce Framework
  • APPROVED on the FBI Cyber Security Certification Requirement list (Tier 1-3)

Exam Information

Upon completion, Students will:

  • Have the knowledge to perform virtualization forensic examinations.
  • Have the knowledge to accurately report on their findings from examinations
  • Be ready to sit for the C)VFE Exam

Key Data

Course Title: Certified Virtualization Forensics Examiner

Duration: 5 Days

Language: English

Class Format Options:

  • Instructor-led classroom
  • Instructor-led Online Training


Must have a Digital or Computer Forensics Certification or equivalent knowledge

Student Materials:

  • Student Workbook
  • Student Lab Guide

CEUs: 40

Course Outline

  • Module 1 - Digital Forensics – the what, where, when, how and why
  • Module 2 – Virtual Infrastructure
  • Module 3 - Forensic Investigation Process
  • Module 4 - VI Forensics Scenario 1: Identifying direct evidence of a crime
  • Module 5 - VI Forensics Scenario 2: Attributing Evidence to Specific Requests
  • Module 6 - VI Forensics Scenario 3: Confirming (or negating) suspect alibis
  • Module 7 - VI Forensics Scenario 4: Confirming (or negating) suspect statements
  • Module 8 - VI Forensics Scenario 5: Determining (or negating) suspect intent& Scanning
  • Module 9 - VI Forensics Scenario 6: Identifying sources
  • Module 10 - VI Forensics Scenario 7: Authenticating documents
  • Module 11 – Putting it all together – Course Summary

Course Objectives

Participants will be able to apply forensically-sound best practice techniques against virtual infrastructure entities in the following use case scenarios:

  • Identifying direct evidence of a crime
  • Attributing evidence to specific suspects
  • Confirming (or negating) suspect alibis
  • Confirming (or negating) suspect statements
  • Determining (or negating) suspect intent
  • Determining (or negating) Identifying sources
  • Determining (or negating) Authenticating documents

Who Should Attend?

Virtual infrastructure specialists (Architects, engineers, Administrators), Forensic investigators Forensic investigators