Hey everyone,
I've recently become really interested in ethical hacking and cybersecurity, and I'm starting to dive into learning the tools and methods used to protect systems and investigate threats responsibly.

At the same time, something serious happened to a close friend — they’re being extorted by a random person online, and the threats are coming from a Facebook account that looks fake or suspicious. We’re trying to figure out who might be behind the profile so they can report it properly and take the right steps to stay safe.

I know there are limits to what can and should be done legally and ethically, so I’m looking for guidance on:

• What tools or techniques ethical hackers or digital investigators use to trace fake profiles (within legal limits).

• What kind of information can be gathered legally from a Facebook profile (e.g., metadata, behavioral patterns, etc.).

• Where my friend should report this kind of behavior (Facebook, law enforcement, cybercrime units, etc.).

• Any beginner-friendly ethical hacking resources that cover digital forensics or social engineering awareness.

I’m not looking to hack anyone — just want to understand how these investigations are approached in the real world and how we can handle this situation the right way. Any advice or resources would be super appreciated.

Thanks in advance!