Empowering Investigation Analysis with Predictive, Geospatial, and Text Mining Analytics

From IC Insider Alteryx

By Andy MacIsaac, Solutions Marketing Director, Alteryx, Inc.

Author’s Note: Names, characters, and incidents in this blog are used in a fictitious manner. Any resemblance to actual persons, living or dead, or actual events is purely coincidental.

I’m a big fan of the TV show NCIS, and throughout its 18+ seasons, special agent Leroy Jethro Gibbs and his team of investigators have put the pieces together to solve some intense cases. In any law enforcement or national security investigation, various pieces of data need to come together and some of my favorite scenes from the show are when agent Gibbs and his team are in the bullpen at the start of an investigation and they run through what they know. Running this information through a series of databases and sources of demographic data often leads to additional avenues for follow-up. While NCIS is a TV drama, the scenario does represent some of the basic steps that go into a law enforcement related investigation, specifically finding out what information is currently known and then analyzing that information to find other pieces of data for investigation.

Now it’s time to put on our own detective hats.

In the Alteryx workflow illustrated here, let’s assume that we have a confirmed piece of information related to the name of a person of interest. In this case, the person of interest is Conor Brown. With this as a starting point, we can use the Alteryx Analytic Process Automation Platform™ (APA) to build a resume for a person of interest who might deserve additional investigative follow-up. The first part of the workflow illustrates how, through an API, an automated callout can be made to a demographic data source like TransUnion™ to pull data related to a known quantity, which, in this case, is the name of our person of interest.

Who is Conor Brown?

With a confirmed name, additional analysis can be conducted to identify possible aliases or derivatives of the name and compare pieces of information that remain consistent across the various possible identities. Once the name and/or the derivatives are identified, a deeper search through a Dark Web API can be conducted to find emails and associated IP addresses to determine further connections. In this case, the search has identified a domain name, “fantasyisland2.com”, which is used consistently by Conor Brown and various derivatives of his name. For us (as the investigator), this is an avenue for further analysis, and by pursuing the proper warrants, an investigator could then access information based on IP addresses associated with domains, which could include location intelligence such as latitude and longitude information.

Identifying Network Connections

Now enriched with deeper information on the virtual footprint of Conor Brown, we can use the native capabilities found in the Alteryx APA Platform to conduct a network analysis that identifies connections between various pieces of information and people. In this case, we would discover a network connection between Conor Brown and a person named Zelda Moore. Further investigation indicates a direct connection between SSID in variations of the “fantasyisland2” domain.

Going Deeper with Text Mining Analysis

This information could lead investigators to follow up on Zelda Moore and investigate publicly available information such as her social media profile. With a social media API, investigators could pull the known social media profiles of both Conor Brown and Zelda Moore to compare and contrast consistent themes and topics discussed. In this example, a Word Cloud illustrates the similar views and themes expressed by both Conor and Zelda related to guns and ammunition. Further analysis of this unstructured data could be conducted to determine expressed sentiment and topics contained in their respective public social media postings.

Getting Geospatial

Going back to the collected IP address information and the gathered location intelligence, we could use the native geospatial analytics capabilities found within the Alteryx APA Platform to create a virtual representation of the locations where the IP addresses are physically located. With this, longitude and latitude geospatial analysis could be plotted, spatial points created, and a distance radius plotted. In this illustrative example, this analysis shows that at some point in time, devices associated with Zelda Moore and Conor Brown have been tracked in close proximity to each other.

Faster Investigations with Intelligence Suite Equals Accelerated Results

In the world of NCIS, Agent Gibbs and his team have access to a number of tools to find hidden connections. What we have illustrated here (albeit at a high level) is that many of the investigative analysis capabilities seen in the world of NCIS can be found within the Alteryx APA Platform. The primary message here is that all these analytic capabilities and many more are available in a unified platform. The value of this unified approach is that it reduces the time and complexity that often delay law enforcement and intelligence-related investigations. By reducing the time required by investigators and analysts to compile data, prep it, and blend it, more time can be spent on analysis and identifying valuable connections. As a result, investigations can be made efficient, and more importantly, investigative resolutions can be made to help ensure higher levels of public safety and national security.

For more information and to see these investigative intelligence analytics in action join us for a live webinar on December 16th at 2PM EST.

About Alteryx, Inc.

Revolutionizing business through data science and analytics, Alteryx offers an end-to-end analytics platform that empowers data analysts and scientists alike to break data barriers, deliver insights, and experience the thrill of getting to the answer faster. Organizations all over the world rely on Alteryx daily to deliver actionable insights. For more information, visit www.alteryx.com.

Alteryx is a registered trademark of Alteryx, Inc.

About IC Insiders

IC Insiders is a special sponsored feature that provides deep-dive analysis, interviews with IC leaders, perspective from industry experts, and more. Learn how your company can become an IC Insider.