CREST Certified Host Intrusion Analyst
The CREST Certified Host Intrusion Analyst (CCHIA) examination tests candidates’ knowledge of analysing Windows hosts for evidence of potential compromise and analysing potential infection vectors.
The examination is a rigorous assessment of the candidate’s ability to assess a Windows host for indications of malware and related forensic artefacts.
The exam includes:
- Windows File Structures
- Application File Structures
- Windows Registry Essentials
- Identifying Suspect Files
- Memory Analysis
- Infection Vectors
- Malware Behaviours and Anti-Forensics
The format is the same for both the Intrusion Analysis exams and the Malware Analysis exams. The candidate will be expected to possess not only the technical ability to find security weaknesses and vulnerabilities, but also the skills to ensure findings are presented in a clear, concise and understandable manner. The examination consists of three tasks:
- A multiple choice technical examination
- A long form essay style written paper, testing both technical ability and presentation ability
- A hands-on practical examination
To pass the exam, the candidate must pass all three sections.
You can download the following documents from the links below:
Syllabus for the Certified Host Intrusion Analyst examination
Notes for Candidates to aid examination preparation
The Certified Host Intrusion Analysis examination costs £1,600 + VAT. The examination is currently delivered at CREST examination centres.
Recommended Preparation Material
The following material and media has been cited as helpful preparation for this examination by previous candidates:
The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linus and Mac Memory (by Michael Hale Ligh/Andrew Case/Jamie Levy/Aaron Walters)
PDF Tools (from Didier Stevens)
Useful Information for Candidates
How to book
Details of the Logistics and Timings of CREST examinations can be found in the Examination Preparation pages for your country of choice
CREST’s Policy for Candidates requiring special arrangements including additional time to accommodate a medical condition (including examinations delivered via Pearson Vue)
Terms and Conditions for CREST Examinations (includes hard disk drive wiping policy)