About this Product

Code QACRIAVBL

This course leads to the CREST Registered Intrusion Analyst (CRIA) examination (not included), which supports career advancement in incident response.

This is the first cross discipline course of its' kind that covers the essential knowledge and hands-on practical skills needed for intrusion detection, incident handling, computer/network forensics and malware reverse engineering.

This course raises the bar and sets a new security baseline for existing practitioners and aspiring Intrusion Analysis and Digital Forensics professionals. Every team member should take this course at some point along their career path. Following this course a student may challenge the CREST core skills exam resulting in the CREST Registered Intrusion Analyst (CRIA) professional qualification.

You will learn how to detect an attack, how to handle it, how to trace and acquire the evidence, investigate, analyse and re-construct the incident. We then lay the groundwork for malware analysis by presenting the key tools and techniques malware analysts use to examine malicious programs. Practical exercises throughout ensure that the skills learned can be put to work immediately and that you are prepared for the CRIA practical exam.

Target Audience

  • Aspiring information security personnel who wish to be part of an incident response team
  • Existing practitioners wishing to become CREST Registered
  • System administrators who are responding to attacks
  • Incident handlers who wish to expand their knowledge into Digital Forensics
  • Government departments who wish to raise and baseline skills across all security teams
  • Law enforcement officers or detectives who want to expand their investigative skills
  • Information security managers who would like to brush up on the latest techniques and processes in order to understand information security implications
  • Anyone meeting the pre-requisites who is considering a career in Intrusion Analysis or Digital Forensics

Prerequisites

A pass at CPIA level is a pre-requisite for the Intrusion Analyst examination.

Objectives

The course consists of six modules:

  • Module 1 – Soft Skills and Incident Handling
  • Module 2 – Core Technical Skills
  • Module 3 – Background Information Gathering & Open Source
  • Module 4 – Network Intrusion Analysis
  • Module 5 – Analysing Host Intrusions
  • Module 6 – Reverse Engineering Malware
  • Module 7 – CRIA exam preparation, CRIA mock exam

Assessment

Continual assessment, with topic quizzes and module tests, ensure that you understand the knowledge and learn the skills delivered in each module.

Outline

MODULE 1 - Soft Skills and Incident Handling

  • Incident Chronology
  • Record Keeping, Interim Reporting & Final Results

MODULE 2 - Core Technical Skills

  • IP Protocols
  • Common Classes of Tools
  • Application Fingerprinting
  • Network Access Control Analysis
  • Host Analysis Techniques

MODULE 3 - Network Intrusion Analysis

  • Data Sources and Network Log Sources
  • Beaconing
  • Command and Control Channels
  • Exfiltration of Data
  • Incoming Attacks
  • Reconnaissance
  • Internal Spread and Privilege Escalation
  • False Positive Acknowledgement

MODULE 4 - Analysing Host Intrusions

  • Windows File System Essentials
  • Windows File Structures
  • Application File Structures
  • Windows Registry Essentials
  • Identifying Suspect Files
  • Memory Analysis
  • Infection vectors
  • Live Malware Analysis

MODULE 5 - Reverse Engineering Malware

  • Functionality Identification
  • Processor Architectures
  • Windows Executable File Formats
  • Behavioural Analysis

MODULE 6

  • CRIA Exam Preparation & Mock Exam
  • CRIA - Examination Guidance
  • CRIA - Practice Exam

CREST Exam - Booked directly via CREST

CREST Registered Intrusion Analyst (CRIA)

The technical syllabus for Intrusion Analysis identifies at a high level the technical skills and knowledge that CREST expects candidates to possess for the Certification examinations in this area. The CREST Registered Intrusion Analyst (CRIA) examination is a practical assessment where the candidate will be expected to perform basic network intrusion analysis, host intrusion analysis, and malware reverse engineering. A pass at CPIA level is a pre-requisite for the Registered Intrusion Analyst examination and success at both CPIA and CRIA will confer the CREST Registered status to the individual. An individual passing the CPIA but failing the practical element, which is the CRIA exam, will still retain the CPIA Practitioner certificate and may apply to re-take the CRIA practical exam at a later date, when they feel that they are ready to do so.

CREST Accredited Training

CREST has assessed and accredited this training course confirming alignment with 100% of the CREST CRIA exam syllabus.

Delivery Method

Delivery method

E-learning

Learn in your own time, at your own pace, and in the comfort of your own home, office, or even on your mobile device.

Total price: £1795

CREST Registered Intrusion Analyst Online Learning
Code: QACRIAVBL

Buy now