This course takes two enormously challenging areas facing IT security professionals today: incident response and virtualization and attempts to meld these together. Forensics is at the heart of incident response, and therefore this training will focus on how to gather evidence relating to an incident – the what, when, where, who and why of an incident – within today’s common virtual environments. Additionally, the course will take a deep dive into the virtual infrastructure, and contrast the various virtual entities against their physical counterparts. This will allow a clear demonstration of the forensically-relevant differences between the virtual and physical environments. The course uses a lab-centric, scenario-based approach to demonstrate how to forensically examine relevant components of a virtual infrastructure for specific use cases.
Participants will be able to apply forensically-sound best practice techniques against virtual infrastructure entities in the following use case scenarios:
• Identifying direct evidence of a crime
• Attributing evidence to specific suspects
• Confirming (or negating) suspect alibis
• Confirming (or negating) suspect statements
• Determining (or negating) suspect intent
• Identifying sources
• Authenticating documents
Duration: 5 Days
Instructor Led Online Training
Must have a Digital or Computer Forensics
Certification or equivalent knowledge
Student Lab Guide
Certified Virtualization Forensics Examiner
WHO SHOULD ATTEND?
Virtual infrastructure specialists (Architects, engineers, Administrators), Forensic investigators Forensic investigators
Have knowledge to perform virtualization forensic examinations.
Have knowledge to accurately report on their findings from examinations
Be ready to sit for the C)VFE Exam
The Certified Virtualization Forensics Examiner exam is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible on your mile2.com account. The exam will take 2 hours and consist of 100 multiple choice questions. The exam must be purchased separately.
Module 1 – Digital Forensics – the what, where, when, how and why
Module 2 – Virtual Infrastructure
Module 3 – Forensic Investigation Process
Module 4 – VI Forensics Scenario 1: Identifying direct evidence of a crime
Module 5 – VI Forensics Scenario 2: Attributing Evidence to Specific Requests
Module 6 – VI Forensics Scenario 3: Confirming (or negating) suspect alibis
Module 7 – VI Forensics Scenario 4: Confirming (or negating) suspect statements
Module 8 – VI Forensics Scenario 5: Determining (or negating) suspect intent
Module 9 - VI Forensics Scenario 6: Identifying sources
Module 10 – VI Forensics Scenario 7: Authenticating documents
Module 11 – Putting it all together – Course Summary