Course Complete — Phishing Forensics
You Are a Phishing Forensics Analyst!
You've completed the TRACE course and earned the skills to investigate phishing evidence, read what every email really carries, and report in a way that actually stops campaigns
Your Certificate
This certifies that
Your Name
is now a Certified Phishing Forensics Analyst, having successfully completed
Phishing Forensics: Investigate and Report Like a Pro
Mastering the TRACE Framework — Take a Snapshot, Reveal the Real, Authenticate the Sender, Check the Landing, Escalate
Skills Mastered
Take a Snapshot
Preserve phishing evidence safely without destroying headers — before forwarding, deleting, or clicking anything
Reveal the Real
Read what every email carries beyond the surface layer — the "View Original" path and the three lines that matter
Authenticate the Sender
Interpret SPF, DKIM, and DMARC results in plain English — pass, fail, or missing — and what each means
Check the Landing
Safely investigate link destinations — including homograph attacks and redirect chains — without ever clicking
Escalate
Write reports that actually help SOCs, brand teams, and law enforcement identify and stop the campaign
The TRACE Framework
Investigate Every Suspicious Message
- T TAKE A SNAPSHOT — Screenshot the email with full headers visible. Forward as attachment if your client supports it.
- R REVEAL THE REAL — Open "View Original" / "Show Headers." Find From, Reply-To, and Return-Path.
- A AUTHENTICATE THE SENDER — Look for SPF/DKIM/DMARC results. Fail or missing = red flag.
- C CHECK THE LANDING — Hover over links, copy the URL, run it through a sandbox. Never click directly.
Then always → ESCALATE
Escalation Decision Tree
- 1 Report to IT/SOC first — Use your organization's phishing report button or abuse email. Include your screenshots.
- 2 Report externally if needed — APWG ([email protected]), brand abuse team, or IC3 for financial fraud.
- 3 Your report protects others — Campaign reports lead to takedowns. One report can protect thousands of other targets.