This sounds intriguing. I have network forensic and malware analysis training and experience as well as some background in offensive security techniques which sounds like the cross section of skills you need. There are two paths to follow on an analysis like this, static and dynamic, and each will provide slightly different results based on the level of access in the attack chain. For instance being able to review the access logs of the ad provider would go a long way to finding your offender.
If you think I can help, we can discuss options, scope, and fees moving forward.
Thanks,
Ken