The QACRIA course leads to the CREST Registered Intrusion Analyst (CRIA) examination, which supports career advancement in incident response.
This is the first cross discipline course of its' kind that covers the essential knowledge and hands-on practical skills needed for intrusion detection, incident handling, computer/network forensics and malware reverse engineering.
This course raises the bar and sets a new security baseline for existing practitioners and aspiring Intrusion Analysis and Digital Forensics professionals. Every team member should take this course at some point along their career path. Following this course a student may challenge the CREST core skills exam resulting in the CREST Registered Intrusion Analyst (CRIA) professional qualification.
You will learn how to detect an attack, how to handle it, how to trace and acquire the evidence, investigate, analyse and re-construct the incident. We then lay the groundwork for malware analysis by presenting the key tools and techniques malware analysts use to examine malicious programs. Practical exercises throughout ensure that the skills learned can be put to work immediately and that you are prepared for the CRIA practical exam.
- Aspiring information security personnel who wish to be part of an incident response team
- Existing practitioners wishing to become CREST Registered
- System administrators who are responding to attacks
- Incident handlers who wish to expand their knowledge into Digital Forensics
- Government departments who wish to raise and baseline skills across all security teams
- Law enforcement officers or detectives who want to expand their investigative skills
- Information security managers who would like to brush up on the latest techniques and processes in order to understand information security implications
- Anyone meeting the pre-requisites who is considering a career in Intrusion Analysis or Digital Forensics
A pass at CPIA level is a pre-requisite for the Intrusion Analyst examination.
The course consists of six modules:
- Module 1 – Soft Skills and Incident Handling
- Module 2 – Core Technical Skills
- Module 3 – Background Information Gathering & Open Source
- Module 4 – Network Intrusion Analysis
- Module 5 – Analysing Host Intrusions
- Module 6 – Reverse Engineering Malware
- Module 7 – CRIA exam preparation, CRIA mock exam
Continual assessment, with topic quizzes and module tests, ensure that you understand the knowledge and learn the skills delivered in each module.
MODULE 1 - Soft Skills and Incident Handling
- Incident Chronology
- Record Keeping, Interim Reporting & Final Results
MODULE 2 - Core Technical Skills
- IP Protocols
- Common Classes of Tools
- Application Fingerprinting
- Network Access Control Analysis
- Host Analysis Techniques
MODULE 3 - Network Intrusion Analysis
- Data Sources and Network Log Sources
- Command and Control Channels
- Exfiltration of Data
- Incoming Attacks
- Internal Spread and Privilege Escalation
- False Positive Acknowledgement
MODULE 4 - Analysing Host Intrusions
- Windows File System Essentials
- Windows File Structures
- Application File Structures
- Windows Registry Essentials
- Identifying Suspect Files
- Memory Analysis
- Infection vectors
- Live Malware Analysis
MODULE 5 - Reverse Engineering Malware
- Functionality Identification
- Processor Architectures
- Windows Executable File Formats
- Behavioural Analysis
- CRIA Exam Preparation & Mock Exam
- CRIA - Examination Guidance
- CRIA - Practice Exam
CREST Exam - Booked directly via CREST
CREST Registered Intrusion Analyst (CRIA)
The technical syllabus for Intrusion Analysis identifies at a high level the technical skills and knowledge that CREST expects candidates to possess for the Certification examinations in this area. The CREST Registered Intrusion Analyst (CRIA) examination is a practical assessment where the candidate will be expected to perform basic network intrusion analysis, host intrusion analysis, and malware reverse engineering. A pass at CPIA level is a pre-requisite for the Registered Intrusion Analyst examination and success at both CPIA and CRIA will confer the CREST Registered status to the individual. An individual passing the CPIA but failing the practical element, which is the CRIA exam, will still retain the CPIA Practitioner certificate and may apply to re-take the CRIA practical exam at a later date, when they feel that they are ready to do so.
CREST Accredited Training
CREST has assessed and accredited this training course confirming alignment with 100% of the CREST CRIA exam syllabus.