View the course listing on

Certified Network Forensic Examiner

Phase2 Advantage: Certified Network Forensic Examiner

The Certified Network Forensic Examiner certification course was originally developed for the U.S. government, and has now been made available to city, county, and state law enforcement agencies.  Civilian personnel outside the law enforcement community are also authorized to attend on a case-by-case basis.

This comprehensive course brings digital and network forensic core competencies to advanced levels by presenting students with 20 detailed learning objectives and a series of practical lab exercises. Students will be provided with both experiential knowledge and practical skills that simulate real-world scenarios, investigations, and recovery of evidentiary data in systems and networks. With a specific focus on the centralizing and investigating of logging systems and network devices, students will cover topics such as: Network-Based Evidence and Investigative Methodologies; Wireless Traffic Capture and Analysis; NIDS and NIPS Evidence Acquisition; and, Web Proxies and Encryption.

Course Outline and Learning Objectives

01) Digital Evidence Concepts
02) Network Evidence Challenges
03) Network Forensic Investigative Methodologies
04) Network-Based Evidence
05) Network Principles
06) Internet Protocol Suite
07) Physical Interception
08) Traffic Acquisition Software
09) Principles of Live Acquisition
10) IEEE Layer Two Protocol Series

11) Protocol and Flow Analysis
12) Wireless Access Points
13) Wireless Traffic Capture and Analysis
14) NIDS and NIPS Evidence Acquisition
15) Centralized Logging and Syslog
16) Investigating Network Devices
17) Web Proxies and Encryption
18) Network Tunneling
19) Malware Forensics
20) Investigation, Analysis, and Legality of Logs

Course Materials

Hardcopy Training Materials

Digital Training Materials

Course Text / Workbook
Course Lab Manual
Supplemental Handout
Text: Key Security Concepts
Text: Exam Prep Guide
USB Drives, Pens, Pads

Course Text / Workbook
Course Lab Manual
Course Video Series
CEU Completion Certificate
Course Prep Guide
Course Exam Simulator

Exam Included in Course Fee

Additional Information




CPE Credit:

Course Fee:


5 Days

Business Continuity Managers
Information Security Trainers
Disaster Recovery Managers
Incident Handling Managers
Physical Security Managers
Corporate Risk Managers
Network Administrators
IT Security Managers



The Certified Network Forensic Examiner course is a component of the career progression track that supports the following Categories, Specialty Areas and Work Roles as defined by the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework:

Exploitation Analyst

Cyber Crime Investigator

Law Enforcement / Counterintelligence Forensics Analyst

All Source – Collection Manager

Cyber Intel Planner

Cyber Defense Forensics Analyst

Average Yearly Salary:

Certification Examination

Mile2 Certification Examination

Upon completion of this course, students will be prepared to sit for the Mile2 Network Forensic Examiner certification examination.  The proctored examination will be offered at the conclusion of the final training day.

Students will have two hours to complete a computer-based examination consisting of 100 questions. A score of 70% or higher is required to earn the certification.  Upon successful completion of the exam, students will receive a hardcopy of their certification and a proctor validation document from the course instructor.  A hardcopy of the certification will also be emailed to the student in PDF format.

For those students not interested in certification, sitting for the examination will not be required, and a signed CPE Credit document will be issued instead (upon request).  Proctored examinations and proctor validation documents are only available for courses taken in a physical classroom environment.

Contact Us for The Ultimate Training Experience

Contact Us

(912) 244-0394

Contact Us

Contact US

previous arrow
next arrow