CREST Registered Intrusion Analyst Training

  • Learn via: Classroom / Virtual Classroom / Online
  • Duration: 3 Days
  • Download PDF
  • We can host this training at your preferred location. Contact us!
Upcoming Training

01 March 2021

3 Days

The QACRIA course leads to the CREST Registered Intrusion Analyst (CRIA) examination, which supports career advancement in incident response.

This is the first cross discipline course of its' kind that covers the essential knowledge and hands-on practical skills needed for intrusion detection, incident handling, computer/network forensics and malware reverse engineering.

This course raises the bar and sets a new security baseline for existing practitioners and aspiring Intrusion Analysis and Digital Forensics professionals. Every team member should take this course at some point along their career path. Following this course a student may challenge the CREST core skills exam resulting in the CREST Registered Intrusion Analyst (CRIA) professional qualification.

You will learn how to detect an attack, how to handle it, how to trace and acquire the evidence, investigate, analyse and re-construct the incident. We then lay the groundwork for malware analysis by presenting the key tools and techniques malware analysts use to examine malicious programs. Practical exercises throughout ensure that the skills learned can be put to work immediately and that you are prepared for the CRIA practical exam.

Target Audience

  • Aspiring information security personnel who wish to be part of an incident response team
  • Existing practitioners wishing to become CREST Registered
  • System administrators who are responding to attacks
  • Incident handlers who wish to expand their knowledge into Digital Forensics
  • Government departments who wish to raise and baseline skills across all security teams
  • Law enforcement officers or detectives who want to expand their investigative skills
  • Information security managers who would like to brush up on the latest techniques and processes in order to understand information security implications
  • Anyone meeting the pre-requisites who is considering a career in Intrusion Analysis or Digital Forensics

A pass at CPIA level is a pre-requisite for the Intrusion Analyst examination.

MODULE 1 - Soft Skills and Incident Handling

  • Incident Chronology
  • Record Keeping, Interim Reporting & Final Results

MODULE 2 - Core Technical Skills

  • IP Protocols
  • Common Classes of Tools
  • Application Fingerprinting
  • Network Access Control Analysis
  • Host Analysis Techniques

MODULE 3 - Network Intrusion Analysis

  • Data Sources and Network Log Sources
  • Beaconing
  • Command and Control Channels
  • Exfiltration of Data
  • Incoming Attacks
  • Reconnaissance
  • Internal Spread and Privilege Escalation
  • False Positive Acknowledgement

MODULE 4 - Analysing Host Intrusions

  • Windows File System Essentials
  • Windows File Structures
  • Application File Structures
  • Windows Registry Essentials
  • Identifying Suspect Files
  • Memory Analysis
  • Infection vectors
  • Live Malware Analysis

MODULE 5 - Reverse Engineering Malware

  • Functionality Identification
  • Processor Architectures
  • Windows Executable File Formats
  • Behavioural Analysis


  • CRIA Exam Preparation & Mock Exam
  • CRIA - Examination Guidance
  • CRIA - Practice Exam

CREST Exam - Booked directly via CREST

CREST Registered Intrusion Analyst (CRIA)

The technical syllabus for Intrusion Analysis identifies at a high level the technical skills and knowledge that CREST expects candidates to possess for the Certification examinations in this area. The CREST Registered Intrusion Analyst (CRIA) examination is a practical assessment where the candidate will be expected to perform basic network intrusion analysis, host intrusion analysis, and malware reverse engineering. A pass at CPIA level is a pre-requisite for the Registered Intrusion Analyst examination and success at both CPIA and CRIA will confer the CREST Registered status to the individual. An individual passing the CPIA but failing the practical element, which is the CRIA exam, will still retain the CPIA Practitioner certificate and may apply to re-take the CRIA practical exam at a later date, when they feel that they are ready to do so.

CREST Accredited Training

CREST has assessed and accredited this training course confirming alignment with 100% of the CREST CRIA exam syllabus.

Contact us for more detail about our trainings and for all other enquiries!

Upcoming Trainings

Join our public courses in our Istanbul, London and Ankara facilities. Private class trainings will be organized at the location of your preference, according to your schedule.

01 March 2021

3 Days

Istanbul, Ankara, London
Istanbul, Ankara, London

Related Trainings

CREST Practitioner Security Analyst

The CPSA course leads to the CREST Practitioner Security Analyst (CPSA) examination, which is an e...

  • Classroom
  • Virtual Classroom
  • Online

5 Day

CREST Registered Penetration Tester

The CRT course leads to the CREST Registered Tester (CRT) examination, which is recognised by the...

  • Classroom
  • Virtual Classroom
  • Online

3 Day

CREST Practitioner Intrusion Analyst

Delegates are provided with a Pearson Vue exam voucher for the CPIA examination as part of the cou...

  • Classroom
  • Virtual Classroom
  • Online

5 Day