In every cybercrime unit, Person of Interest (POI) investigations are at the core of daily casework. A POI might be a suspect, a victim, or even a witness, but in every case, investigators need to map their connections, behaviors, and digital traces to move a case forward. These investigations start in two ways: proactively, by watching digital spaces for early warning signs, or reactively, after an incident where speed and accuracy matter most.
What looks simple on the surface is one of the most resource-intensive and complex parts of modern law enforcement. The fragile nature of digital evidence, easily altered, deleted, or lost, combined with today’s overwhelming data volumes, makes these investigations particularly challenging. In this article, we’ll explore the trends shaping POI investigations, the challenges they create, why it matters now, and how agencies can prepare for the future.
Person of Interest investigations are becoming increasingly complex as law enforcement navigates massive digital footprints, rising information noise, and systemic resource constraints. Many agencies face challenges not only in the investigations themselves but also in how units are staffed, trained, and supported. These hurdles, ranging from skills gaps to technology shortfalls, directly impact the quality and timeliness of case outcomes. At the same time, global trends such as encrypted communications, synthetic media, and overloaded investigators are raising the stakes. Recognizing these challenges is the first step toward building more resilient, scalable, and future-ready investigative capacity.
Executive Summary 🔗︎
Understanding Modern Person of Interest Investigations 🔗︎
A Person of Interest (POI) investigation focuses on gathering, analyzing, and connecting information about an individual who may be relevant to a case, threat, or incident. A POI is not always a suspect. They might also be a victim, a witness, or someone who can provide crucial context to an investigation.
Today, these investigations are inherently digital. They involve identifying a person’s online presence, mapping their connections with other people, organizations, or networks, and analyzing their digital footprint across platforms such as social media, forums, breach data, public records, internal data, and other open sources. The goal is to assess risk or relevance: Does this person pose a security threat, have ties to criminal activity, or hold valuable intelligence?
Social media and online platforms are now central to almost every criminal case, but the digital landscape has never been harder to navigate. In 2025, more than 35 platforms and forums each attract over 100 million monthly users. Posts and accounts can disappear in seconds, fake or automated profiles distort reality, and AI-generated content fuels waves of fake news and disinformation.
Beyond social media, investigators face encrypted messaging apps that conceal communications, massive breach datasets that are nearly impossible to filter for relevance, and public records scattered across outdated or fragmented systems. In just the first six months of 2025, organizations reported 1,732 data breaches — more than eight every single day. All of this is compounded by overwhelming data volumes, making it increasingly difficult to separate meaningful intelligence from digital noise. Continue reading to learn more!
Watch the video to see how Maltego helps uncover the full story of a person’s digital presence. Starting from a single clue and expanding into their entire network of connections:
The Complexity Slowing Down Today’s Cybercrime Units 🔗︎
The fundamentals of investigative tradecraft haven’t changed, but the environment around them has. Several trends are converging:
- Overwhelming scale and speed: Almost every POI leaves behind a massive and fragmented trail across the surface web, like social media, messaging apps, and public forums, as well as the dark web, where encrypted platforms and hidden marketplaces conceal critical activity. This scale makes it easy to miss critical signals and find relevant intelligence.
- Information quality crisis: Open sources are powerful but noisy, blending reliable intelligence with disinformation, synthetic media, and deliberate obfuscation. Generative AI now acts as a force multiplier for these campaigns, flooding investigators with viral falsehoods and increasing the risk of chasing dead ends. This is where a trusted investigative platform makes the difference: by integrating high-quality internal and external databases directly into the workflow, analysts can anchor their work in verified intelligence.
- Time pressure: Digital evidence is fragile. It can be altered, deleted, or disappear entirely within minutes. Yet modern POI investigations are anything but fast. Analysts must sift through data from dozens of platforms, verify the authenticity of each piece, and preserve it in a way that will hold up in court. These steps take time, and every delay increases the risk of losing key leads, missing critical context, or ending up with evidence that cannot be used in prosecution.
- Legal restrictions: Different privacy and data protection laws apply across jurisdictions. In Europe, GDPR requires investigators to demonstrate a lawful basis before processing or storing data. In the U.S., a patchwork of federal, state, and contractual rules, plus risks under the CFAA or website terms, can stall investigations or trigger legal challenges. As a result, analysts spend valuable time on compliance hurdles instead of connecting leads.
These factors create a paradox: analysts have more data than ever, but less clarity and certainty in their work. So far, we’ve looked at challenges during investigations caused by external factors like today’s digital environment. But there are also systemic problems, such as limited resources and an unprepared workforce for a digital-first world, that begin before an investigation even starts and affect every stage of the casework.
The Systemic Hurdles Undermining Person of Interest Investigations 🔗︎
The success of a cybercrime unit is often decided before an investigation even starts. Deep-rooted systemic issues inside law enforcement create constant shortages of people, skills, and resources, that slow down, weaken, and limit the quality of their work.
- Lack of adequate resources and skills: Chronic underfunding and ongoing staffing shortages prevent units from adopting new tools or building deep expertise in specific platforms, criminal methods, or geopolitical regions. A 2024 Europol and Eurojust report on common challenges in cybercrime confirmed that many EU agencies lack sufficient staff, especially in specialized roles. As a result, analysts are forced to act as generalists, constantly jumping between disparate, complex cases. This constant switching takes a heavy mental toll, leading to fatigue and errors. A 2023 study found that 41% of fraud cases and nearly 97% of sextortion spam incidents were interconnected when case data was correlated.
- Staffing misalignment: Many OSINT analysts or investigation experts are staffed through internal transfers rather than skills-based recruitment. This means investigators often arrive without the necessary technical or digital literacy, such as social media or advanced cryptocurrency tracing, creating steep learning curves and stalled casework.
With a fast-changing digital environment and persistent systemic hurdles, investigations may succeed on a small scale but break down when stretched across hundreds of POI. Without a platform that scales investigations with automation, connects to diverse and reliable data, integrates high-quality internal databases, and enables teams to capture and share insights, collaboration stalls, and knowledge stays siloed at the individual level. Even with intuitive tools, if they are not designed to scale with the complexity of person-of-interest investigations, analysts end up juggling demands and requests, jumping between cases, and missing critical connections.
Why Addressing These Challenges Can’t Wait 🔗︎
Left unaddressed, these challenges don’t just slow investigations. They create serious risks, and the stakes are clear: cybercrime damages are projected to reach $10.5 trillion by 2025 and could reach as high as $15.63 trillion by 2029. The bigger issue is that missed leads and prematurely closed cases leave offenders free while victims lose faith in the system. Overworked investigators can’t maintain high performance — leading to burnout, fewer results, and lost trust from management. Meanwhile, criminals move faster with encrypted platforms, burner accounts, deepfakes, and social engineering, while law enforcement struggles to keep pace. The cost of inaction is not just inefficiency; it is mission failure.
Preparing for the Future of Person of Interest Investigations 🔗︎
Recognizing these challenges is not about pointing fingers, but rather about building readiness for solutions. Cybercrime units that acknowledge the complexity of the digital world and systemic barriers in POI investigations are better positioned to:
- Advocate for skills-first staffing and digital training.
- Shift budget priorities to automation and scalable platforms that lighten the load on small teams, cut tool complexity, and speed up both adoption and the path to the truth in high-stakes investigations.
- Explore emerging technologies, such as centralized investigative workspaces, AI-assisted case development and analysis, and structured collaboration tools that can turn overload into manageable clarity.
Person of Interest investigations are no longer routine background work; they are the cornerstone of proactive crime prevention and modern cybercrime response. Yet as the challenges scale, traditional methods and tools are straining under the weight of digital complexity, time pressure, and systemic constraints.
The way forward is to strengthen investigative capacity in cybercrime units by bringing in new platform expertise and adopting scalable technologies with automation, reliable data integrations, and shared workspaces to break down silos, reduce overload, and ensure critical connections aren’t missed.
Some agencies are already showing what this looks like in practice. In one European national cybercrime investigation agency, the OSINT team expanded from three officers to nearly ten. They secured better resources, like modern hardware, high-speed connectivity, and secure VPN access, and enhanced their capacity by bringing in external specialists such as social media experts, linguists, and psychologists. With the right investigative platforms and workflows, the unit was able to support other divisions more effectively and contribute directly to solving real cases.
Agencies that act now, by acknowledging these barriers and preparing to adopt innovative approaches, will be the ones to reclaim the investigative advantage. Those who delay risk losing pace not just with technology, but with the very criminals they are tasked to stop.
One truth is clear: the way we investigate persons of interest must evolve — and it must evolve now.
Expert Insights by 🔗︎
Sergio Leal Rodriguez
Sergio is an experienced and dedicated professional with more than 20 years of invaluable experience in coordinating, investigating, modeling data, and researching cybercrimes with a focus on the critical field of Child Sexual Abuse at Europol’s AP TWINS. His expertise lies in coordinating multi-agency efforts as well as conducting thorough investigations, and he has actively contributed to the development of innovative methodologies for data analysis and modeling in the context of child sexual abuse.
