Editor's Note: Names, characters, and incidents in this blog are used in a fictitious manner. Any resemblance to actual persons, living or dead, or actual events is purely coincidental.
I’m a big fan of the TV show NCIS, and throughout its 18+ seasons, special agent Leroy Jethro Gibbs and his team of investigators have put the pieces together to solve some intense cases. In any law enforcement or national security investigation, various pieces of data need to come together, and some of my favorite scenes from the show are when agent Gibbs and his team are in the bullpen at the start of an investigation and they run through what they know. Then, they run this information through a series of databases and sources of demographic data which often leads to additional avenues for follow-up.
While NCIS is a TV drama, the scenario does represent some of the basic steps that go into a law enforcement related investigation, specifically finding out what information is currently known and then analyzing that information to find other pieces of data for investigation.
Now it’s time to put on our own detective hats.
In the Alteryx workflow illustrated here, let’s assume that we have a confirmed piece of information related to the name of a person of interest. In this case, the person of interest is Conor Brown. With this as a starting point, we can use the Alteryx Analytic Process Automation Platform™ (APA) to build a resume for a person of interest who might deserve additional investigative follow-up. The first part of the workflow illustrates how, through an API, an automated callout can be made to a demographic data source like TransUnion™ to pull data related to a known quantity, which, in this case, is the name of our person of interest.
Who is Conor Brown?
With a confirmed name, additional analysis can be conducted to identify possible aliases or derivatives of the name and compare pieces of information that remain consistent across the various possible identities. Once the name and/or the derivatives are identified, a deeper search through a Dark Web API can be conducted to find emails and associated IP addresses to determine further connections. In this case, the search has identified a domain name of “fantasyisland2.com” which is used consistently by Conor Brown and various derivatives of his name.
This is an avenue for further analysis, and by pursuing the proper warrants, an investigator could then access information based on IP addresses associated with domains, which could include location intelligence such as latitude and longitude information.
Identifying Network Connections
Now enriched with deeper information on the virtual footprint of Conor Brown, we can use the native capabilities found in the Alteryx APA Platform to conduct a network analysis that identifies connections between various pieces of information and people. In this case, we would discover a network connection between Conor Brown and a person named Zelda Moore. Further investigation indicates a direct connection between SSID in variations of the “fantasyisland2” domain.
Going Deeper with Text Mining Analysis
This information could lead investigators to follow up on Zelda Moore and investigate publicly available information such as her social media profile. With a social media API, investigators could pull the known social media profiles of both Conor Brown and Zelda Moore to compare and contrast consistent themes and topics discussed.
In the example above, a Word Cloud illustrates the similar views and themes expressed by both Conor and Zelda related to guns and ammunition. Further analysis of this unstructured data could be conducted to determine expressed sentiment and topics contained in their respective public social media postings.
Going back to the collected IP address information and the gathered location intelligence, we could use the native geospatial analytics capabilities found within the Alteryx APA Platform to create a virtual representation of the locations where the IP addresses are physically located. With this, longitude and latitude geospatial analysis could be plotted, spatial points created, and a distance radius plotted. In this illustrative example, this analysis shows that at some point in time, devices associated with Zelda Moore and Conor Brown have been tracked in close proximity to each other.
Faster Investigations with Intelligence Suite Equals Accelerated Results
In the world of NCIS, Agent Gibbs and his team have access to several tools to find hidden connections. What we have illustrated here (albeit at a high level) is that many of the investigative analysis capabilities seen in the world of NCIS can also be found within the Alteryx APA Platform. The primary message here is that all of these analytic capabilities and many more are available in a unified platform which reduces the time and complexity that often delay law enforcement and intelligence related investigations.
By reducing the time investigators and analysts need to compile, prep, and blend data, more time can be spent on analysis and identifying valuable connections. As a result, investigations are more efficient, and more importantly, investigative resolutions can be made to help ensure higher levels of public safety and national security.