Overview

The QACRIA course leads to the CREST Registered Intrusion Analyst (CRIA) examination, which supports career advancement in incident response.

This is the first cross-discipline course of its kind, covering the essential knowledge and hands-on practical skills needed for intrusion detection, incident handling, computer/network forensics and malware reverse engineering.

This course raises the bar and sets a new security baseline for existing practitioners and aspiring Intrusion Analysis and Digital Forensics professionals. Every team member should take this course at some point along their career path. Following this course, a student may challenge the CREST core skills exam, resulting in the CREST Registered Intrusion Analyst (CRIA) professional qualification.

Target Audience

  • Aspiring information security personnel who wish to be part of an incident response team
  • Existing practitioners wishing to become CREST Registered
  • System administrators who are responding to attacks
  • Incident handlers who wish to expand their knowledge into Digital Forensics
  • Government departments who wish to raise and baseline skills across all security teams
  • Law enforcement officers or detectives who want to expand their investigative skills
  • Information security managers who would like to brush up on the latest techniques and processes in order to understand information security implications
  • Anyone meeting the pre-requisites who is considering a career in Intrusion Analysis or Digital Forensics

Prerequisites

A pass at CPIA level is a pre-requisite for the Registered Intrusion Analyst examination.

Course Outline

Day 1 Course Modules

  • CRIA - Course Introduction and review of main syllabus areas from CPIA
  • A4-Record Keeping-Interim Reporting and Final Results
  • D5-Beaconing
  • Exercises for B3-Common Classes of Tools
  • Exercise for B9-File System Permissions
  • Exercise for D1-Network Traffic Capture
  • Exercises for D2-Data Sources and Network Log Sources
  • Exercises for D2 - stretch
  • Exercise for D4-Unusual Protocol Behaviour
  • Exercise for D11-Internal spread and privilege escalation

Day 2 Course Modules

  • Review of day 1
  • Exercises for E4-Windows File Structures
  • Exercises for E6-Windows Registry Essentials
  • Exercises for E6 - stretch
  • Exercise for E9-Memory Analysis
  • Exercises for E10-Infection vectors
  • Exercises for E10 - stretch
  • Lab 1 scenario
  • Lab 1 scenario – stretch

Day 3 Course Modules

  • Review of day 2
  • Lab 2 scenario
  • Lab 2 scenario – stretch
  • Lab 3 scenario
  • Lab 3 scenario – stretch
  • Knowledge Check
  • Exam preparation

CREST Exam Voucher – Included; the exam is taken after the course.

CREST Registered Intrusion Analyst (CRIA)

The technical syllabus for Intrusion Analysis identifies at a high level the technical skills and knowledge that CREST expects candidates to possess for the Certification examinations in this area. The CREST Registered Intrusion Analyst (CRIA) examination is a practical assessment where the candidate will be expected to perform basic network intrusion analysis, host intrusion analysis, and malware reverse engineering. A pass at CPIA level is a pre-requisite for the Registered Intrusion Analyst examination and success at both CPIA and CRIA will confer the CREST Registered status to the individual. An individual passing the CPIA but failing the practical element, which is the CRIA exam, will still retain the CPIA Practitioner certificate and may apply to re-take the CRIA practical exam at a later date, when they feel that they are ready to do so.
