Its better to get the content from SANS since questions can be centered around what you saw/learned in the course not the Practical Malware Analysis book. There are quite a few tools covered in SANS that are not even mentioned in the Practical book. I have the practical book and while its ok, there are certain subjects that are covered in depth during the course (SANS) but only brushed up on in the Practical book.

You're missing the point here. SANS' exam is whatever they want it to be not what another book places inside of it. You asked a specific question and got a specific answer. I have both books, Malware Analyst Cookbook and Practical Malware Analysis, while there is SOME content SIMILAR to what is on the GREM exam, the questions on the GREM exam are SPECIFIC to what is in SANS' content NOT the two other books. Can you pass it with just those two books? NO Does this mean you can't learn from those books? NO You WILL learn from those books but it will NOT be enough to do the GREM exam especially when during GREM training they use CONCEPTS, applications and approaches that differ from what is covered in those two books.

I can't speak for this exam specifically, but it's definitely possible to pass SANS/GIAC exams without taking the corresponding course. You'll get two practice exams with a challenge attempt. While the difficulty may be less than the actual exam, the practice exams are still very useful for identifying gaps in knowledge. You'll undoubtedly be exposed to new tools, techniques, etc., and then you can go do some independent research. Also be sure to review the day-by-day breakdown on the course page and research all those items.

Good books for this cert
Malware: Fighting Malicious Code - Made by Course Writer Lenny Z. and Other Sans Instructor Ed S.

Malware Analysts Cookbook

and this book and you will be all set.

nice, thanks!