Certified Network Forensics Examiner – CNFE

Mile2 certifications are unique in their approach of combining theory with practical experience

Mile2 courses are always up-to-date with the latest developments in tools

Exam simulator to prepare you for the official exam

Exam simulator to prepare you for the official exam

Exam voucher to sit the official exam

2nd shot exam voucher in case you fail

Request more information

We'll connect you at the earliest
Certified Network Forensics Examiner – CNFE
Certified Network Forensics Examiner – CNFE

Tools Covered in this Course

Course Details


The Certified Network Forensics Examiner vendor-neutral certification was developed for a U.S. classified government agency. The C)NFE takes a digital and network forensic skill set to the next level by navigating through over twenty modules of network forensic topics. The CNFE provides practical experience through our lab exercises that simulate real-world scenarios that cover investigation and recovery of data in a network, Physical Interception, Traffic Acquisition, Analysis, Wireless Attacks, and SNORT. The course focuses on the centralizing and investigating of logging systems as well as network devices.

The Certified Network Forensics Examiner course that expands upon existing digital and network forensic skill sets. The course is focused on the centralizing and investigating of logging systems as well as network devices.

What you’ll learn

  • Have the knowledge to perform network forensic examinations.
  • Have knowledge to accurately report on their findings from examinations
  • Be ready to sit for the C)NFE Exam


A student needs to meet the following prerequisites in order to fully benefit from the course:

  • Must have a Digital or Computer Forensics Certification or equivalent knowledge
  • 2 years of experience in IT Security; Working Knowledge of TCP/IP

Course outcome

Participants will be able to apply forensically-sound best practice techniques against virtual infrastructure entities in the following use case scenarios:

  • Identifying direct evidence of a crime
  • Attributing evidence to specific suspects
  • Confirming (or negating) suspect alibis
  • Confirming (or negating) suspect statements
  • Determining (or negating) suspect intent
  • Determining (or negating) Identifying sources
  • Determining (or negating) Authenticating documents

Who should attend

This course was designed for the benefit of the following organization roles:

  • Digital & Network Forensic Engineers
  • IS & IT managers
  • Network Auditors


  1. C)NFE Electronic Book (Workbook/Lab Guide)
  2. C)NFE Exam Prep Questions
  3. C)NFE Exam
  4. C)NFE Online Video
  5. Cyber Range access for 2 weeks (request a login from Mile2 when it suits you.)

Course Outline

  • Module 1: Digital Evidence Concepts
  • Module 2: Network Evidence Challenges
  • Module 3: Network Forensics Investigative Methodology
  • Module 4: Network-Based Evidence
  • Module 5: Network Principles
  • Module 6: Internet Protocol Suite
  • Module 7: Physical Interception
  • Module 8: Traffic Acquisition SoftwareScanning
  • Module 9: Live Acquisition
  • Module 10: Analysis
  • Module 11: Layer 2 Protocol
  • Module 12: Wireless Access Points
  • Module 13: Wireless Capture Traffic and Analysis
  • Module 14: Wireless Attacks
  • Module 15: NIDS Snort
  • Module 16: Centralized Logging and Syslog
  • Module 17: Investigating Network Devices
  • Module 18: Web Proxies and Encryption
  • Module 19:Network Tunneling Scanning
  • Module 20:Malware Forensics

Lab Outline

  • Module 4, 5 & 6: – Working with Captured Files
  • Module 7, 8, 9 10, 11: Evidence Acquisition
  • Module 12, 13, 14: Wireless Traffic Evidence Acquisition
  • Module 15: IDS/IPS Forensics
  • Module 16 & 21: Network forensics and investigating logs
  • Module 17 & 18: SSL & Encryption
  • Module 20: Malware Forensics

Course Duration: 40 hours

Delivery Method

  • Classroom
  • Online, Instructor-Led
  • Online, Self-Paced

Accreditations & Acknowledgements

Mile2 is:

  • Mile2 has a strong military connection. Their Certified Penetration Testing Engineer (CPTE) certification played a pivotal role in assisting the United States Air Force (USAF) improve their security protocols. This course was originally designed for the USAF.
  • Mile2’s certification courses are accredited by the National Security Agency (NSA) and Committee on National Security Systems (CNSS). They are also on the FBI’s Preferred Tier 1-3 certification training list for prospective FBI agents specialising in cyber crime.
  • CompTIA recognises and acknowledges Mile2 courses as Expert Level, e.g. Mile2 CPTE.
  • Mile2 have their own IT Security Penetration Testing magazine called PenTest Magazine, which is published several times a year.
  • All Mile2 courses count as Continuing Education Units (CEUs) toward (ISC)2, ISACA, and SANS ongoing certification requirements.

About the exam

The CNFE exam is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible on your mile2.com account. The exam will take 2 hours and consist of 100 multiple choice questions. Further details about the exam are as follows:

  • All exams are immediately loaded in your Mile2 user account once you have enrolled
  • All Mile2 exams are taken on-line and can be taken anywhere 24/7 providing you have access to an internet connection and PC or laptop
  • All exams run for 2 hours and comprise of 100 questions with a passing score of 70%
  • There are NO prerequisites toward taking any Mile2 exam
  • Once you have passed your exam, you will instantly receive a digital copy of your certification