Law enforcement agencies (LEAs) have a wealth of data at their disposal, but often struggle to use it effectively. This data, if properly accessed and analyzed, can help LEAs to make better investigative decisions, solve cases faster, and improve overall operations. Unfortunately, data is usually scattered across different sources and lacks a unified structure, making it difficult to piece together the full picture.
For instance, a police department might maintain separate databases for passwords, hashes, profiles, or seized databases coming from different operations. The absence of integration among these sources and the different technologies used to store them makes investigations challenging.
This whitepaper explores how law enforcement can overcome these challenges to support their criminal investigations. We’ll discuss the role of competency questions, explain how defining an ontology can make operations more effective and data-driven, discuss two approaches to storing and accessing internal data, and show how this can be done using Maltego.
By following our guidelines, cyber investigation teams will be able to not only enhance data quality and accessibility but also support comprehensive and accurate business intelligence and analytics, driving better decision-making and strategic planning.
Identify Data Sources Used in Criminal Investigations
What data does your team use and need for criminal investigations? What technology was used to build the databases? Where are they stored, and in what format? How can they be queried effectively? Finding answers to these questions and understanding what information your data can offer (or lacks) is fundamental for making better-informed decisions in real time.
These data sources can be anything that includes pieces of information that may help identify a person, establish a timeline, or uncover connections. They can include logs coming from incident reports and communication records, when available. Depending on the focus of a given team, the specific data needs will differ.
INVESTIGATOR EXAMPLE: Imagine the work of a cybercrime unit tracking an online fraud scheme. They would need to analyze data from financial transaction records, emails, IP addresses, and social media interactions. By having a clear understanding of where this data is stored and how to retrieve it swiftly, the unit can trace the digital footprints of the perpetrators, connect the dots between different data points, and uncover the network behind the fraud.
Understand Questions Your Data Should Answer
Knowing your data sources and their contents is one thing, but figuring out how to leverage them for a specific project or investigation is the next challenge.
Let's imagine the following scenario:
Case Study
Your team works under an international law enforcement body. It is tasked with investigating a series of financial frauds linked to a major crime syndicate.
The investigation team will need to use several different datasets from different financial institutions, internet service providers (ISPs), and social media platforms.
The data includes transaction records, account details, and communication logs, originating from various sources built using diverse technologies, where each dataset follows its own format.
Your Goal: Analyze and model the data to identify patterns and connections that can lead to the crime syndicate’s key operatives.
Role of Competency Questions
Before jumping straight into querying the different datasets, the first step is to ask and answer a set of competency questions. These questions help LEAs define what they want to learn from the data and what kind of information they need to find. For example:
- What specific fraudulent activities are you looking to identify?
- Are there particular transaction patterns indicating suspicious behavior?
- What connections between accounts and individuals are you trying to uncover?
Setting these questions upfront brings better focus to your data analysis, making your insights directly applicable to the investigation. This approach helps avoid aimless data sifting and ensures your efforts align with the investigation’s goals.
Finally, by understanding the needs, investigative teams can avoid focusing on unnecessary or irrelevant data points and stay on the right track instead of going down the rabbit hole without a clear strategic goal.
Download This Whitepaper
The insights shared in this article are just the beginning steps to help your team understand the potential questions your data can answer. However, the challenge of using that data effectively and at scale, without missing any vital information, still remains.
This whitepaper aims to guide you through this process by defining common ontologies to ensure consistent terminology, introducing two effective data analysis strategies, and explaining how to standardize and centralize your data warehouse. Finally, it provides a comprehensive guide on leveraging Maltego to gain insights from both internal and OSINT data sources.
We hope this whitepaper will help you make better decisions about the use of internal data and OSINT within your unit or team of investigators.
Happy investigating!
About the Author
Sergio Leal Rodriguez
Sergio is an experienced and dedicated professional with more than 20 years of invaluable experience in coordinating, investigating, modeling data, and researching cybercrimes with a focus on the critical field of Child Sexual Abuse at Europol's AP TWINS. His expertise lies in coordinating multi-agency efforts as well as conducting thorough investigations, and he has actively contributed to the development of innovative methodologies for data analysis and modeling in the context of child sexual abuse.