Requested resource is not accessible


DURATION: 18 hours

CPE POINTS: On completion you get a certificate granting you 18 CPE points. 

This course is based on a real cyber fraud case, and will present all the techniques and procedures performed in the investigation, technically and within the judiciary process. You will see how a real cyber crime occurs and how to manage it with the correct tools and limitations that come up. You will follow one case throughout the workshop and see examples from many others. 

  • IT professionals who want to learn about Cyber Fraud
  • Computer Science professionals looking to immerse themselves into Digital Forensics Investigations
  • Private Digital Forensics Investigators
  • Forensics Experts working with Governments and the Judiciary System
  • Technology students looking to learn about Digital Forensics Investigations
  • Law professionals looking to learn how Cyber Fraud occurs

This course is about how a fraud is done and how an unaware and unsuspicious employee can get tricked, all based on an example that actually took place. You will get a glimpse into a case that really happened, harmed a company with a significant amount of money, damaged a relationship with the provider, and you get to investigate it.

Your own fraud investigation might be just around the corner, so get ready for it now! In this course, you will not get a simple theoretical overview, but a straight jump into a real life case and you will have a great foundation built when you get to work investigating cyber fraud cases and, more specifically, how to assess users, so you will not fall into a situation like this.


What skills will you gain?

  • Where to start and what to look for in an investigation
  • Learn limits and boundaries between what is legal to do and what an investigator should not do
  • You will learn some of the most used networking tools
  • You will be able to do email forensics
  • Analytical thinking about where to look and what is not necessary to look at
  • Have the detective mindset
  • Trace IP addresses

You will learn how a digital forensics investigator should work a cyber fraud case, what are the most useful tools used, and what the best practices and standards are to follow.

What tools will you use?

Among others: 

  • WhatsApp, WeChat
  • Network Tools: nslookup, traceroute, whois, nmap


Course format:

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

What should you know before you join?

  • Digital Forensics basic concepts
  • Knowledge about the relationship between technology and law is desirable but not required
  • Basic networking
  • Have an idea about messaging apps 

What will you need?

  • Hardware: A desktop PC/laptop with Internet connection, mobile phone is desired (OS is not important, we need it to run social media apps)
  • Software: For PC the network tools, for mobile WhatsApp and WeChat.

Your instructor: Jose Alfredo Llerena

I have a total of 12 years of experience within IT, where 5 years were as a digital forensics investigator, including submitting forensics reports and acting as a legal probe in judicial processes within the Judiciary System.

Currently working in a local University as a teaching assistant and dedicated tester in other platforms, and as a certified digital forensics investigator by the Judiciary System of my country. My work experience includes Universities, public and private companies.

I have eight years of experience in infrastructure, Linux and Windows servers, Oracle, MySQL and Postgres databases, and networking. Nine years of experience in programming, especially PHP and Javascript, but also in other languages like Java, Ruby, and Python. Academic experience of 1 year as a University Professor and 3 years as a Researcher.


Module 1: Network Tools, Technology in Judiciary Trials 

Applications like WeChat or WhatsApp are crucial in investigations. Chats are one of the most important tools simply because they can be the proof of a felony or cyber fraud; using them can help you  realize that something really happened. This module will prepare the students to look into and analyse them.

We will cover Messaging and Voice over IP application analysis, as well as explanation and demonstration of how and why screenshots and conversation backup are important in an investigation and judiciary process and how the hoax was discovered in the chats.

Covered topics:

  • Demonstration of acquisition of screenshots and backup of WhatsApp conversation 
  • Demonstration of acquisition of screenshots and backup of WeChat conversation
  • Analyzing and detecting the hoax in the conversation


  • You will look for examples of hoaxes in chat applications focusing on cyber fraud. The best way of finding this is in academic articles or success stories. For a better grade, students can give an example and look for a real case of an important hoax. It is not recommended to give the classical “click and bait” example.
  • The purpose of the exercise is for students to find more real cases of different kinds of Cyber Frauds and have a wider view of how people are deceived.

Module 2: Email Forensics

This module will show how to detect fraudulent emails, how to perform email forensics, and how deep is it possible to go when tracing emails. It will allow the student to know where to look and how far is it possible to go when tracing an email message.

Emails, as well as other applications, can be an important proof of a cyber felony, making this module important, as students will become skilled at differentiating between legitimate email and fraudulent email.

Networking tools will be used in this module to retrieve IP information. Online tool ip2location will be used to trace email and retrieve related information.

Covered topics:

  • Email header analysis
  • Detecting fake email addresses
  • Email spoofing and pivoting 


  • You will investigate cases of email phishing with big impact, like this course case. 
  • A couple of fraudulent mails will be provided besides the ones present in the real cyber fraud, so you will see how malicious emails look. After acknowledging the look of phishing emails, students will search for more examples, either finding them on the web or in their spam folder.

Module 3: Tracing IP addresses and DNS

This module will present the most useful network tools used to find information about DNS records and IP addresses. Beyond that, this module will show the limits and barriers of trying to trace and locate a cyber criminal, and when it is possible to succeed. 

Covered topics:

  • Main Network Tools: nslookup, traceroute, whois, nmap
  • Explanation of all information coming from the results of executing the above tools.
  • The legal procedure when obtaining the IP addresses, in general (specifics for your jurisdiction will be covered in the lab)


  • You will practice with network tools, preferably using IP addresses from module 2 exercises, so you can verify the origin and location of those IP addresses.

Module 4: Forensics Report for legal authorities

This module is about explaining general guidelines and how a report for a legal authority is done. This involves using a format and explaining the main components, which are antecedents, methodology used, conclusions, supporting material, sworn statement and attachments.

This module will also cover recommendations when defending the report in the court audience and how an investigator should behave.

Covered topics:

  • Who can submit a forensics report for a legal authority, in general (specifics for your jurisdiction will be covered in the lab)
  • The ethical aspects involved in a Forensics Report: How an investigator should behave, what should and should not be stated in the report, ethical behavior, impartiality
  • How to make a Forensics Report
  • How judiciary processes work, in general (specifics for your jurisdiction will be covered in the lab)


  • You will present a forensics report based on what was seen in the module. Those with more experience can submit their own format, either a private report or, if the report is for a legal authority, from the student’s country of origin.

Final Exam

The final exam will test the knowledge and skills you acquire throughout the course. It will include questions from all modules and topics.

  • 50 multiple-choice questions – 60 minutes


If you have any questions, please contact us at [email protected].

Course Reviews


1 ratings
  • 5 stars1
  • 4 stars0
  • 3 stars0
  • 2 stars0
  • 1 stars0
  1. Great course


    Very interesting course, good for anyone going into fraud exanimation, financial investigations and so on.
    I especially like the demonstration of a fraud case on social media and how to tackle such an investigation. And the exercises and exam offer opportunity to test your understanding.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023