Board Bitcoin Technical Support
Merits 61 from 11 users
Re: Fake walle.dat can trick bitcoin core client?
by achow101 on 12/04/2019, 02:10:03 UTC
The wallet file isn't fake per se, nor are the transactions it shows. What's fake about it is that it doesn't contain the private keys it claims it does.

> The method of identification is to look at the corresponding version of the wallet code, check the data consistency, time, field, type, structure. It looks very complicated.

It actually is not that complicated. You don't need to check any data consistency, time, etc. You don't need to check any of the things you mentioned. You also don't really need to look at the wallet code because the data that they are manipulating doesn't change frequently, if ever. In fact, the specific database fields that are being modified will likely never change in order to maintain backwards compatibility with older wallet versions.

What the authors have done here is simply add fields which represent encrypted keys. These fields contain the pubkey and the encrypted private key which will typically just look like random data (because that's the point of encryption). What the authors have done is just create a field that contains the pubkey and random data (or in this case, a string) as the private key.

It is impossible for anyone (technical or not, professional or not) to identify that the wallet is "fake" by simply looking at it (besides the fact that common sense tells you it's a scam). If done correctly, the supposed encrypted key will be garbage data and its veracity cannot be determined without knowing the decryption key. Of course, if it's just zeroes or some other obvious non-random data, then it can be easily determined. You can inspect the data of a wallet.dat file using BDB 4.6's db_dump tool.
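
Added example, not part of the original post and not Bitcoin Core code: a Python sketch that reads db_dump output and flags encrypted-key records whose "ciphertext" is obviously non-random, the only case the post says can be spotted by inspection. The record layout (length-prefixed "ckey" plus pubkey as the key, length-prefixed ciphertext as the value), the AES block-size check, and the sample dump are assumptions constructed for illustration.

```python
import hashlib

def lp(b):
    return bytes([len(b)]) + b  # single-byte length prefix

def read_bytes(buf, pos):
    """Read one length-prefixed byte string starting at pos."""
    n = buf[pos]
    if n >= 0xFD or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated length prefix")
    return buf[pos + 1:pos + 1 + n], pos + 1 + n

def parse_dump(text):
    """Return (key, value) byte pairs from db_dump output (alternating hex lines)."""
    lines = [ln.strip() for ln in text.splitlines()]
    body = lines[lines.index("HEADER=END") + 1:lines.index("DATA=END")]
    blobs = [bytes.fromhex(ln) for ln in body if ln]
    return list(zip(blobs[0::2], blobs[1::2]))

def check_ckeys(text):
    """Map each ckey pubkey (hex) to reasons its 'encrypted key' is obviously not ciphertext."""
    findings = {}
    for key, value in parse_dump(text):
        try:
            rtype, pos = read_bytes(key, 0)
            if rtype != b"ckey":  # assumed record type name for encrypted keys
                continue
            pubkey, _ = read_bytes(key, pos)
            secret, _ = read_bytes(value, 0)
        except (ValueError, IndexError):
            continue  # not a record shape this sketch understands
        reasons = []
        if len(secret) % 16:
            reasons.append("length is not a multiple of the AES block size")
        if len(set(secret)) <= 2:
            reasons.append("constant or near-constant bytes")
        if secret and all(0x20 <= b < 0x7F for b in secret):
            reasons.append("printable ASCII string")
        findings[pubkey.hex()] = reasons
    return findings

# Constructed sample (not from a real wallet): one unrelated record plus three ckey records.
PUB = [b"\x02" + bytes([i]) * 32 for i in (1, 2, 3)]
VALUES = [hashlib.sha256(b"a").digest() + hashlib.sha256(b"b").digest()[:16],  # random-looking
          bytes(48),                                                           # all zeroes
          b"this is not an encrypted key"]                                     # a plain string
PAIRS = [(lp(b"version"), b"\x01\x00\x00\x00")] + [(lp(b"ckey") + lp(p), lp(v)) for p, v in zip(PUB, VALUES)]
SAMPLE = "VERSION=3\nformat=bytevalue\ntype=btree\nHEADER=END\n" + "".join(
    " %s\n %s\n" % (k.hex(), v.hex()) for k, v in PAIRS) + "DATA=END\n"
```

An empty list for a record only means there is no obvious tell; as the post says, random-looking data cannot be confirmed as a real encrypted key without the decryption key.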