Looking for Global training? Go to https://firebrand.training/en or stay on the current site (Schweiz)


CREST CPIA (Practitioner Intrusion Analyst)

- Only 4 Days

On this 4-day accelerated CREST Practitioner Intrusion Analyst course, you'll become familiar with the basics of the three primary areas of cyber-attack analysis: network intrusion, host intrusion and malware reverse engineering.

You'll be CREST CPIA trained 20% faster than traditional courses. You'll be immersed in the CPIA curriculum using our unique Lecture | Lab | Review technique - helping you build and retain information faster.

Your expert instructor will guide you through how to detect and handle an attack. Then trace, acquire, investigate, analyse and re-construct the incident. Throughout your CPIA training you'll study the basics of malware analysis by understanding the key tools and techniques malware analysts use to examine malicious programs.


Achieve the CPIA certification fast as you learn:

  • Soft Skills and Incident Handling - incident chronology, record keeping, law and compliance
  • Core Technical Skills - file system permissions, network architectures and cryptography
  • Network Intrusion Analysis - unusual protocol behaviour, internal spread and privilege escalation
  • Analysing Host Intrusions - identifying suspect files, malware behaviours and anti-forensics
  • Reverse Engineering Malware - hiding techniques, binary obfuscation and processor architectures

During the course, you'll prepare for the CPIA exam. Don't pass the first time? Don't worry - we've got you covered with your Certification Guarantee.

This course is ideal for you if you're a systems administrator, incident handler, IT manager, Government or law enforcement wishing to expand your knowledge on Digital Forensics. This is also a perfect starting point for those hoping to start a career in Intrusion Analysis or Digital Forensics as this course sets a new security baseline.

The CPIA certification is a prerequisite for the CREST Registered Intrusion Analyst course.

See Benefits...

See prices now to find out how much you could save when you train at twice the speed.

Four reasons why you should sit your course with Firebrand Training

  1. You'll be trained and certified faster. Learn more on this 4-day accelerated course. You'll get at least 12 hours a day of quality learning time in a distraction-free environment
  2. Your course is all-inclusive. One simple price covers all course materials, exams, accommodation and meals – so you can focus on learning
  3. Pass first time or train again for free. Your expert instructor will deliver our unique accelerated learning methods, allowing you to learn faster and be in the best possible position to pass first time. In the unlikely event that you don't, it's covered by your Certification Guarantee
  4. Study with an award-winning training provider. We've won the Learning and Performance Institute's "Training Company of the Year" three times. Firebrand is your fastest way to learn, with 75056 students saving more than one million hours since 2001

Think you are ready for the course? Take a FREE practice test to assess your knowledge!

Please Note

  • Examination vouchers not included for GIAC, CREST and CISSP CBK Review
  • On site testing not included for GIAC, CREST or ITIL Managers and Revision Certification Courses

Benefits of Training with Firebrand

  • Distraction-free residential training - you’ll live just steps away from your classroom
  • A purpose-built training centre – get access to dedicated Pearson VUE Select facilities
  • Your Certification Guarantee – pass first time or train again free (just pay for accommodation, exams and incidental costs)
  • Everything you need to certify – you’ll even sit your exam on the course and return home certified
  • No hidden extras – one cost covers everything you need to certify

See Curriculum...

Module 1: Soft Skills and Incident Handling

  • Engagement Lifecycle Management
  • Incident Chronology
  • Law & Compliance
  • Record Keeping, Interim Reporting & Final Results
  • Threat Assessment

Module 2: Core Technical Skills

  • IP Protocols
  • Network Architectures
  • Common Classes of Tools
  • OS Fingerprinting
  • Application Fingerprinting
  • Network Access Control Analysis
  • Cryptography
  • Applications of Cryptography
  • File System Permissions
  • Host Analysis Techniques
  • Understanding Common Data Formats

Module 3: Background Information Gathering & Open Source

  • Registration Records
  • Domain Name Server (DNS)
  • Open Source Investigation and Web Enumeration
  • Extraction of Document Meta Data
  • Community Knowledge

Module 4: Network Intrusion Analysis

  • Network Traffic Capture
  • Data Sources and Network Log Sources
  • Network Configuration Security Issues
  • Unusual Protocol Behaviour
  • Beaconing
  • Encryption
  • Command and Control Channels
  • Exfiltration of Data
  • Incoming Attacks
  • Reconnaissance
  • Internal Spread and Privilege Escalation
  • Web Based Attacks
  • False Positive Acknowledgement

Module 5 Analysing Host Intrusions

  • Host-Based Data Acquisition
  • Live Analysis Laboratory Set-up
  • Windows File System Essentials
  • Windows File Structures
  • Application File Structures
  • Windows Registry Essentials
  • Identifying Suspect Files
  • Storage Media
  • Memory Analysis
  • Infection Vectors
  • Malware Behaviours and Anti-Forensics
  • Rootkit Identification
  • Live Malware Analysis

Module 6: Reverse Engineering Malware

  • Windows Anti-Reverse Engineering
  • Functionality Identification
  • Windows NT Architecture
  • Windows API Development
  • Binary code structure
  • Cryptographic Techniques
  • Processor Architectures
  • Windows Executable File Formats
  • Hiding Techniques
  • Malware Reporting
  • Binary Obfuscation
  • Behavioural Analysis

Module 7: CPIA Exam Preparation & Mock Exam

  • CPIA- Examination Guidance
  • CPIA- Mock Examination

See Exam Track...

The CREST Practitioner Intrusion Analyst exam is a closed book exam comprising of 120 multiple choice questions.

Exam time: 2 hours

The exam fee is not included in the course price. If you wish to take the exam, we'll provide instructions on how to register with CREST.

See What's Included...

On this course, you'll get CREST Practitioner Intrusion Analyst courseware.

Your accelerated course includes:

  • Accommodation
  • Meals, unlimited snacks, beverages, tea and coffee
  • Onsite exams
  • Examination vouchers*
  • Practice tests**
  • Certification Guarantee***
  • Courseware
  • Up-to 12 hours of instructor-led training each day
  • 24-hour lab access
  • Hands-on training through Lecture | Lab | ReviewTM
  • Digital courseware (if available)
  • * Exam vouchers may not be included for Apprentices and will require a separate purchase by an employer due to ESFA guidelines
  • ** Not on all courses
  • *** Pass first time or train again free (just pay for accommodation, exams and incidental costs)

See Prerequisites...

To attend this course, you should have a good understanding of the technical aspects of IT with at least one year's experience in network or server administration.

Unsure whether you meet the prerequisites? Don’t worry. Your training consultant will discuss your background with you to understand if this course is right for you.

See Prerequisites...

Um diesen Kurs erfolgreich zu absolvieren, sollten Sie ein gutes Verständnis von den technischen Aspekten der IT aufweisen und mindestens ein Jahr Erfahrung in der Netzwerk- oder Serververwaltung haben.

Unsure whether you meet the prerequisites? Don’t worry. Your training consultant will discuss your background with you to understand if this course is right for you.

See Dates...

CREST Course Dates





Book now

25.11.2019 (Monday)

28.11.2019 (Thursday)




30.3.2020 (Monday)

2.4.2020 (Thursday)

Wait list



11.5.2020 (Monday)

14.5.2020 (Thursday)

Limited availability



22.6.2020 (Monday)

25.6.2020 (Thursday)




3.8.2020 (Monday)

6.8.2020 (Thursday)




14.9.2020 (Monday)

17.9.2020 (Thursday)




Here's the Firebrand Training review section. Since 2001 we've trained exactly 75056 students and asked them all to review our Accelerated Learning. Currently, 96.79% have said Firebrand exceeded their expectations.

Read reviews from recent accelerated courses below or visit Firebrand Stories for written and video interviews from our alumni.

"The course was highly informative, providing a broad range of information. The instructor was extremely knowledgable and enthusiastic. This information will be extremely valuable as a Cyber Security Analyst."
M.P.. (6.8.2018 to 9.8.2018)

"I believe the the course to greatly informative, content covers a large amount of the areas surrounding intrusion analysis. Information learned here will be taken forward and applied in real life scenarios in the future."
R.D.. (6.8.2018 to 9.8.2018)

"Good trainers, well looked after with regards to accommodation and food."
Matt Finn, PwC. (6.8.2018 to 9.8.2018)

"Fantastic instructor. Professional, enthusiastic, and knows the subject inside out. An absolute pleasure to learn from. "
J.M.J., Program Planning Professionals Ltd. (8.10.2018 to 11.10.2018)

"The instructor we had was very knowledgeable and approachable and willing to delve further into detail (time permitting). Course content was very informative and additional reading material is very helpful so I know where to concentrate my efforts."
Philip Freeman, Xpertex. (8.10.2018 to 11.10.2018)

Latest Reviews from our students