Training Mile2

Training goals dlearning

code: C)VFE | version: v1

This course takes two enormously challenging areas facing IT security professionals today: incidence response and virtualization and attempts to meld these together. Forensics is at the heart of incidence response, and therefore this training will focus on how to gather evidence relating to an incident – the what, when, where, who and why of an incident – within today’s common virtual environments. Additionally, the course will take a deep dive into the virtual infrastructure, and contrast the various virtual entities against their physical counterparts. This will allow a clear demonstration of the forensically-relevant differences between the virtual and physical environments. The C)VFE - Certified Virtualization Forensics Examiner course uses a lab-centric, scenario-based approach to demonstrate how to forensically examine relevant components of a virtual infrastructure for specific use cases.

Course Objectives

Participants will be able to apply forensically-sound best practice techniques against virtual infrastructure entities in the following use case scenarios:

  • Identifying direct evidence of a crime
  • Attributing evidence to specific suspects
  • Confirming (or negating) suspect alibis
  • Confirming (or negating) suspect statements
  • Determining (or negating) suspect intent
  • Identifying sources
  • Authenticating documents

Upon completion, students will:

  • Have the knowledge to perform virtualization forensic examinations.
  • Have the knowledge to accurately report on their findings from examinations
  • Be ready to sit for the C)VFE Exam

Who Should Attend:

  • Virtual infrastructure specialists (Architects, engineers, Administrators)
  • Forensic investigators

Accreditations & Acknowledgements

Mile2® is:

  • ACCREDITED by the NSA CNSS 4011-4016
  • MAPPED to NIST / Homeland Security NICCS's Cyber Security Workforce Framework
  • APPROVED on the FBI Cyber Security Certification Requirement list (Tier 1-3)

Conspect Show list

  1. Digital Forensics – the what, where, when, how and why
  2. Virtual Infrastructure
  3. Forensic Investigation Process
  4. Forensics Scenario 1: Identifying direct evidence of a crime
  5. Forensics Scenario 2: Attributing Evidence to Specific Requests
  6. Forensics Scenario 3: Confirming (or negating) suspect alibis
  7. Forensics Scenario 4: Confirming (or negating) suspect statements
  8. Forensics Scenario 5: Determining (or negating) suspect intent& Scanning
  9. Forensics Scenario 6: Identifying sources
  10. Forensics Scenario 7: Authenticating documents
  11. Putting it all together – Course Summary
Download conspect training as PDF

Additional information

  • Must have a Digital or Computer Forensics Certification or equivalent knowledge.
Difficulty level
Duration 5 days

The participants will obtain certificates signed by Mile2 (course completion).

This course will help prepare you for the Certified Virtualization Forensics Examiner exam, which is available through the on-line Mile2’s Assessment and Certification System (“MACS”),  and is accessible on your account. The exam will take 2 hours and consist of 100 multiple choice questions. 

Each participant in an authorized training C)VFE - Certified Virtualization Forensics Examiner will receive a free CVFE exam voucher.


Certified Mile2 Instructor.

Additional informations

We also recommend further training and certification:

Other training Mile2 | Forensics

Training thematically related

IT Security

Contact form

Please fill form below to obtain more info about this training.

* Fields marked with (*) are required !!!

Information on data processing by Compendium - Centrum Edukacyjne Spółka z o.o.


  • Please contact us by phone using the form below in order to perform calculations as training