Detect
Protect
Build
Insights
About
Digital Threat Digest Insights Careers Let's talk

Digital Forensics & Incident Response Practitioner (CRIA)

Our CREST-Approved and NCSC-Certified Digital Forensics & Incident Response Practitioner training provides participants with the advanced level skills required to understand how to plan an investigation, prioritise and analyse forensics data, and establish the cause, purpose and potential impact of the incident.

Man-and-umbrella-2.png?auto=compress%2cformat&fit=crop&fm=webp&h=0&ixlib=php-3.1

Participants will learn how to correlate events from multiple forensics data sources to provide reports presenting a narrative.

This training is suitable for those experienced and already working in a role within a CSIRT, CIRT, CERT, SOC, or operational IT staff whose responsibilities include the aforementioned duties.

Training is aligned to support individuals seeking to undertake the CREST Registered Intrusion Analyst (CRIA) exam.

This training can be delivered virtually, at our London or Bristol facilities or at our clients’ premises; training is typically for group bookings only.

Certification

NCSC Assured & CREST Approved

NCSC Assured Training at Application Level with IISP Core Skills A1, A2, A3, A6, B1, B2, D1, D2, E1, E2, E3, F1, F2, F3, G1, H1, H2.

CREST-Approved Training.

Aim

By the end of this training, you will be able to provide incident response and digital forensics expertise to an organisation. You will be able to competently analyse artefacts to determine root cause, remediate systems and networks to reduce widespread infection and ensure resilience is established to prevent the likelihood of future breaches or successful malware attacks.

Audience

Experienced technical cyber security professionals who wish to expertly use their hands-on skills in incident response and digital forensics abilities to fulfil advanced defense and protection responsibilities. Examples roles might include:

  • Experienced cyber security roles in a SOC, CSIRT, CIRT, CERT.
  • 3nd line operational IT staff with DFIR duties and responsibilities
  • Digital Forensic Investigators
  • Cyber-crime Analysts/Investigators
  • Threat Hunters
  • Incident Responders
  • Digital Forensic Specialists
  • Cyber Threat Intelligence Analysts
  • Technical Cyber Security Specialists
  • Senior Blue Team members
Learning outcomes
  • Demonstrate advanced use of current tools and techniques used by senior cyber security incident response and digital forensics practitioners.
  • Analyse volatile data and memory dumps to extract information.
  • Determine if anomalous code is malicious or benign.
  • Identify anti-forensics tactics, techniques and procedures.
  • Learn how malware evades virtual machine detection and identify obfuscation techniques.
  • Discuss malware analysis concepts and methodologies.
  • Recognise and interpret malicious network activity in traffic.
  • Discover, capture, contain and report malware.
  • Practise methodologies using various forensic tool suites.
  • Understand software reverse engineering techniques.
  • Comprehend malware reverse engineering concepts.
  • Follow and consider the applicable laws, policies and procedures relating to the collection and admissibility of digital evidence.
  • Design and critique processes for collecting, packaging, transporting and storing electronic evidence while maintaining chain of custody.
  • Manage relevant senior stakeholders.
  • Create and present clear and concise technical documentation to technical and non-technical third parties.
Prerequisites
  • Experience of working in a SOC, CSIRT, CIRT, CERT or a minimum of 3rd line operational IT support experience.
  • Working experience of using the command line with Linux and Windows.
  • Ideally Digital Forensics and Incident Response Associate training or ideally CREST’s CPIA qualification – or equivalent.
  • Knowledge of business practices within your organisation, your organisation’s risk management processes and any IT user security policies.
  • For virtual/remote training a good internet connection/sufficient bandwidth is required, with full audio and video capability.
Syllabus

This training can be tailored to an industry, or for a defined audience with various durations. Example topics typically include:

Identification

  • Introduction to Incident Response
  • Incident Response Policies and Methodologies
  • Law and Compliance
  • Digital Evidence Acquisition Methodologies and Evidence Handling
  • Identify Environment Abnormalities
  • Linux
  • What is a Malicious File?
  • Identifying Suspect Files
  • Windows Memory Manager

Acquisition

  • Capturing Volatile Memory
  • Email Analysis
  • Acquiring Samples
  • Scripting
  • Infection Vectors
  • Live Forensics
  • Linux Built-in Tools
  • Windows File Structures
  • Smartphone Forensics Overview

Analysis

  • Important Artefacts
  • Analysis Environment
  • Virtualization in Analysis
  • Application File Structures
  • Basic Static Analysis
  • Windows Registry Essentials
  • Basic Dynamic Analysis
  • Live Malware Analysis
  • Anti-Analysis Techniques
  • Volatility
  • Yara
  • Analysis of Artefacts and Conclusions
  • Wipe vs Remediate
  • Introduction to Assembly
  • Introduction to Debugging
  • Functionality Identification
  • Processor Architectures
  • Windows Executable File Formats
  • Behavioural Analysis
  • Endpoint Detection and Response Tools
  • Reporting and Findings Documentation

  • CRIA Practice Exam Preparation
  • PGI Assessment