This blog was written by Flavio Critelli of the University of Perugia and co-founder of Italian Cyber Team. He is part of the Maltego Grants Program and works at the intersection of OSINT, threat intelligence, and investigative training for academic, law enforcement, and military audiences.
There is no shortage of data in modern investigations. If anything, the challenge is the opposite. For those of us working in OSINT and cyber investigations, the real problem is fragmentation. Signals are scattered across platforms, buried in webpages, and hidden behind layers of noise. The task is not about finding more information, but about connecting it, structuring it, and making sense of it. For us at Italian Cyber Team, this challenge became a turning point.
Before adopting Maltego Graph, our investigations relied on a combination of tools, manual processes, and analyst intuition. Valuable insights were often there, but difficult to surface consistently. Maltego introduced something fundamentally different. It allowed us to see data as a network rather than isolated fragments. Relationships became visible, patterns began to emerge, and what was once a scattered collection of findings transformed into structured results.
This shift reshaped how we approach investigations. It is no longer about chasing individual data points, but about building and navigating the intelligence cycle.
Building a Methodology, Not Just Using a Tool đź”—︎
As our work evolved, Maltego Graph became more than part of our toolkit. It became the foundation of our methodology.
We introduce it at the very start of our training programs, using it as the core framework for OSINT, Information Gathering, and Threat Intelligence. While the learning curve can feel steep at first, once the logic and goal become clear, the transformation is immediate. Analysts begin to think differently. The question shifts from “Where do I search?” to “How are these elements connected?” We did not stop at using Maltego out of the box. We built on it.
Recognizing that data collection is only one part of the intelligence process, we developed custom capabilities to push deeper into analysis and insight generation. One of our key developments was creating custom Transforms using the open-source TRX library to pull full webpage text directly into the Maltego canvas as Entities. This adds a new layer of analytical depth. Once the full content of a page is embedded into the graph, we can then run refined queries against it using Transforms, to extract specific information, identify key data points, or evaluate the relevance of the content to an investigation.
This allowed us to move beyond collecting data from disparate sources into something far more powerful: systematic analytical reasoning in one place.
From Classroom to Operations: Real-World Intelligence Impact đź”—︎
In the classroom, students learn to approach investigations visually and analytically, developing skills that reflect real-world investigation work. In operational environments, investigators can navigate complexity with greater clarity, reduce noise, and focus on what truly matters. The result is faster, more confident decision-making.
Perhaps most importantly, Maltego has allowed us to scale our thinking. What was once limited by human bandwidth can now be expanded through structured workflows and automation. Thanks to the open-source framework, the ability to design custom data integrations, and the freedom to develop our own databases, it offers unmatched capability to support a wide range of specific intelligence objectives.
Each connection not only improves our workflow, but deepens our understanding of how intelligence is constructed and connected. Maltego is no longer just a tool in our process, it is the environment in which our investigations take shape, where data becomes insight, and where analysts learn to think in connections rather than fragments.
From academic research to real-world investigations, it has fundamentally reshaped how we work and, in a landscape, defined by complexity, that clarity is everything. We are grateful to the Maltego Grants Program for their support, which has enabled us to expand our work, enhance our methodologies, and continue training the next generation of investigators.
References: đź”—︎
- You can explore some of our course materials here
- Our full contribution is published here on Github
