When it comes to malware, experience will trump the cert so you want to get your hands dirty on this. The GREM is not that hard, but it is not an easy exam.
It is considered an advanced forensics course by some so its best to look at it as such. In order to understand malware, you will need to understand a lot (emphasis A LOT) about the system the malware is targeting. This means you need to familiarize yourself with the appropriate tools to perform the appropriate function: Watch memory, the registry, file system, honeypots, networking.
GREM as a class was a pretty cool course but experience and tinkering on your own will yield you greater results AFTER the exam. For that, I recommend labbing up REMNUX, Virtualbox over VMWare, heading to Contagiodump and learning the ropes with live samples.
If you care to see a fast paced analysis check out what I did for the RSA compromise to give you an idea.
http://www.infiltrated.net/rsa-comp-analysisYou seriously need to understand a lot of different topics including Assembly, Java, Debugging, Reversing using IDA/WinDBG/Olly and so forth, tool FUNCTIONS etc to pass the GREM though.
As for the work, can be really tricky. I have been working on an analysis right now for the past 6 months as part of a project. The sample I am using changes every four hours. My analysis documents and analyzes memory, registry, network connections and a heap of other things. Since it changes so much, I have had to write custom programs to keep track of what is new, what has changed and so forth. For anyone wondering the sample is part of a C&C and that's all I will say about it
Programming : Finished Python Course in Codecademy now what?
