// runnable playbook

invoice fraud / vendor account change

fraudulent invoice + bank-detail-change request. tightly coupled to BEC but specifically about the paid-invoice artifact and approval chain.

a guided path, not automation — each step opens a tool you run yourself; nothing uploads. progress is saved only in this browser.

// based on the curated pipeline

wraps the invoice fraud — document kit preset — drop fraudulent invoice PDFs + related .eml → headers → PDF forensics → stego scan → metadata genealogy → report

methodology guide →worked example →full tool list + 8 more pipelines →

guided steps

0/7 done

01
evidence manifest generator
hash invoices + email exports — wire-fraud cases live or die on document integrity
open tool →methodology
your note (local only)
02
email header analyzer
validate the approval-chain email headers for spoofing
open tool →methodology
your note (local only)
03
pdf forensics
object-level inspection of the invoice PDF structure
open tool →methodology
your note (local only)
04
pdf author and revision metadata deep analyzer
creation vs modification timestamps and author/producer mismatches
open tool →methodology
your note (local only)
05
pdf steganography checker
covert-channel surface scan — tampered invoices sometimes hide payload in whitespace
open tool →methodology
your note (local only)
06
document metadata genealogy tracer
compare metadata across the invoice set for template reuse
open tool →methodology
your note (local only)
07
case report generator
draft a report for finance + legal on document authenticity red flags
suggested options · title: invoice fraud — document assessment
open tool →methodology
your note (local only)

when you're done

export a run summary — a small JSON record of which steps you marked done, your notes, and a self-hash so the record can't be silently altered. it is your reproducibility note, not a per-tool receipt: each tool emits its own input→output receipt when you run it.