CREST - CPIA (Practitioner Intrusion Analyst)



Only 4 Days



Classroom / Online / Hybrid

Next date

Next date:

25/7/2022 (Monday)


On this accelerated CREST Practitioner Intrusion Analyst course, you’ll learn the basics of the three primary areas of cyber-attack analysis: network intrusion, host intrusion and malware reverse engineering.

In just 4 days, you’ll learn the basics of malware analysis by understanding the key tools and techniques malware analysts use to examine malicious programs, you’ll also learn:

  • Soft skills and incident handling - incident chronology, record keeping, law and compliance
  • Core technical skills - file system permissions, network architectures and cryptography
  • Hiding techniques, binary obfuscation and processor architectures

At the end of this accelerated course, you’ll sit the CREST Practitioner Intrusion Analyst exam and achieve your certification. As a CREST Approved Training Partner you’ll get access to official courseware, exams and be trained by certified instructors.

Firebrand's Lecture | Lab | Review methodology means you’ll get certified at twice the speed of traditional training in a distraction-free environment.


This course is ideal for you if you're occupying one of the following roles and want to expand your knowledge on Digital Forensics:

  • Systems administrator
  • Incident handler
  • IT manager
  • Government or law enforcement worker

This is also an ideal starting point for those hoping to start a career in Intrusion Analysis or Digital Forensics as this course sets a new security baseline.

Next step: CREST Registered Intrusion Analyst

The CPIA certification is a prerequisite for the CREST Registered Intrusion Analyst course.

Firebrand's corporate training processes, policies and procedures have been successfully assessed against the CREST criteria for the Approved Training Provider discipline. Firebrand are currently working to get course content recognised.


Seven reasons why you should sit your course with Firebrand Training

  1. Two options of training. Choose between residential classroom-based, or online courses
  2. You'll be certified fast. With us, you’ll be trained in record time
  3. Our course is all-inclusive. A one-off fee covers all course materials, exams**, accommodation* and meals*. No hidden extras.
  4. Pass first time or train again for free. This is our guarantee. We’re confident you’ll pass your course first time. But if not, come back within a year and only pay for accommodation, exams and incidental costs
  5. You’ll learn more. A day with a traditional training provider generally runs from 9am – 5pm, with a nice long break for lunch. With Firebrand Training you’ll get at least 12 hours/day quality learning time, with your instructor
  6. You’ll learn faster. Chances are, you’ll have a different learning style to those around you. We combine visual, auditory and tactile styles to deliver the material in a way that ensures you will learn faster and more easily
  7. You’ll be studying with the best. We’ve been named in Training Industry’s “Top 20 IT Training Companies of the Year” every year since 2010. As well as winning many more awards, we’ve trained and certified over 100,000 professionals
  • * For residential training only. Doesn't apply for online courses
  • ** Some exceptions apply. Please refer to the Exam Track or speak with our experts


  • Module 1: Introduction to Digital Forensics and the Cyber Kill Chain
  • Module 2: Attack Methodologies and Malware types
  • Module 3: Evidence Handling and the Chain of Custody
  • Module 4: Network Data Sources
  • Module 5: Introduction to Network Netflow
  • Module 6: Network TCP/IP fundamentals
  • Module 7: Introduction to hashing, coding & encryption
  • Module 8: DNS Overview & Introduction
  • Module 9: Reconnaissance: Introduction and overview
  • Module 10: Network IDS/IPS introduction
  • Module 11: Hard Disk Drive Theory
  • Module 12: Introduction to operating systems
  • Module 13: Windows Fundamentals
  • Module 14: Acquisition
  • Module 15: Network Acquisition Software
  • Module 16: Network tcpdump
  • Module 17: Forensic Imaging and Hashing
  • Module 18: Live Windows Commands: built-in tools & email header analysis
  • Module 19: Analysis
  • Module 20: Network Miner
  • Module 21: Forensic Image Analysis
  • Module 22: Forensic Image Mounting
  • Module 23: Timeline Analysis
  • Module 24: Windows Overview – Windows Registry
  • Module 25: Windows Overview – Windows Boot Process
  • Module 26: Windows Overview – Prefetch
  • Module 27: Windows Overview – UserAssist & ShellBag Analysis
  • Module 28: Windows Event Logs
  • Module 29: Windows Volume Shadow Copies
  • Module 30: Windows Shimcache
  • Module 31: Dynamic Link Libraries
  • Module 32: Reporting: Writing Technical and Executive Reports

Exam Track

At the end of this accelerated course you’ll sit the following exam at the Firebrand Training centre covered by your Certification Guarantee:

The CREST Practitioner Intrusion Analyst (CPIA)

  • Language: English
  • Format: Multiple choice

What's Included

On this course, you'll get CREST Practitioner Intrusion Analyst courseware.

Your accelerated course includes:

  • Accommodation *
  • Meals, unlimited snacks, beverages, tea and coffee *
  • On-site exams **
  • Exam vouchers **
  • Practice tests **
  • Certification Guarantee ***
  • Courseware
  • Up-to 12 hours of instructor-led training each day
  • 24-hour lab access
  • Digital courseware **
  • * For residential training only. Doesn't apply for online courses
  • ** Some exceptions apply. Please refer to the Exam Track or speak with our experts
  • *** Pass first time or train again free (just pay for accommodation, exams and incidental costs)


To attend this course, you should have a good understanding of the technical aspects of IT with at least one year's experience in network or server administration.

Unsure whether you meet the prerequisites? Don’t worry. Your training consultant will discuss your background with you to understand if this course is right for you.


Here's the Firebrand Training review section. Since 2001 we've trained exactly 124229 students and asked them all to review our Accelerated Learning. Currently, 96.62% have said Firebrand exceeded their expectations.

Read reviews from recent accelerated courses below or visit Firebrand Stories for written and video interviews from our alumni.

"The course was highly informative, providing a broad range of information. The instructor was extremely knowledgable and enthusiastic. This information will be extremely valuable as a Cyber Security Analyst."
M.P.. (6/8/2018 (Monday) to 9/8/2018 (Thursday))

"I believe the the course to greatly informative, content covers a large amount of the areas surrounding intrusion analysis. Information learned here will be taken forward and applied in real life scenarios in the future."
R.D.. (6/8/2018 (Monday) to 9/8/2018 (Thursday))

"Good trainers, well looked after with regards to accommodation and food."
Matt Finn, PwC. (6/8/2018 (Monday) to 9/8/2018 (Thursday))

"Fantastic instructor. Professional, enthusiastic, and knows the subject inside out. An absolute pleasure to learn from. "
J.M.J., Program Planning Professionals Ltd. (8/10/2018 (Monday) to 11/10/2018 (Thursday))

"The instructor we had was very knowledgeable and approachable and willing to delve further into detail (time permitting). Course content was very informative and additional reading material is very helpful so I know where to concentrate my efforts."
Philip Freeman, Xpertex. (8/10/2018 (Monday) to 11/10/2018 (Thursday))

Course Dates

CREST - Practitioner Intrusion Analyst (CPIA)




Book now

27/6/2022 (Monday)

30/6/2022 (Thursday)



25/7/2022 (Monday)

28/7/2022 (Thursday)

Limited availability

Book now

15/11/2022 (Tuesday)

18/11/2022 (Friday)


Book now

Latest Reviews from our students