Link analysis is based on a branch of mathematics called graph theory. It is a technique used in a variety of fields to investigate the relationships between different pieces of information such as people, organizations, online accounts, messages, transactions, aliases, web pages and other digital artifacts.
Tools such as Maltego are used to conduct these investigations because they can digest large amounts of data, display it graphically, and discover connections between its pieces. As a result, they make data more accessible and help improve metrics.
There is a wide variety of tools used to conduct investigations based on link analysis techniques. Investigators need to be able to consider their options based on criteria such as pricing, learning options, customizable features, data integrations, and collaboration options.
What to Consider When Choosing a Graphical Link Analysis Tool
Pricing and Deployment
Different teams and organizations need different offerings to satisfy their needs and fit their budgets. Pricing should be simple and straightforward, without hidden fees. Specific costs for services such as premium technical and customer support, development, and consulting all need to be addressed openly during the procurement process.
Deployment options need to be versatile and uncomplicated to provide a return on investment to the organization within the shortest time possible.
Maltego offers pricing options for individual investigators, small teams, and larger enterprise teams. It also provides customers with the ability to choose between different options to improve their Maltego package and deploy it based on their individual needs and budgets.
Onboarding & Learning
Analysts do not have the luxury of time when it comes to learning how to work with solutions and integrate them into their existing workflows. The more intuitive the tool, the gentler the learning curve and the lower the deprecation risk will be. Resources such as documentation and online tutorials addressing the tool’s features and its different use cases are vital when evaluating an offering.
Maltego is a very intuitive tool which is easy to onboard even for non-technical personnel thanks to its point-and-click logic. In the past two years, we have improved and expanded the array of learning resources available to our users, which now consists of an online documentation portal, use cases and whitepapers published on our website, tutorial videos on our YouTube channel, and our learning platform to facilitate self-paced learning which complements our in-person training.
Data Integrations
Tools are only as useful as their capability to be easily assimilated into a team’s existing infrastructure and workflows, along with internal data repositories and third-party intelligence providers. Out-of-the-box integrations with popular data and intel providers should be at the top of the requirements list, as they ensure a faster deployment and onboarding process. A tool that causes vendor lock-in or constricts the analysts’ job has no room in the present market.
Maltego features a variety of OSINT and third-party data sources in the Transform Hub, including deep and dark web, cryptocurrency, social media, person-of-interest, company intelligence, network and infrastructure, and more.
Our data integrations allow investigators to pivot from one Entity to another and from one data repository to the next. Organizations can also integrate internal data into Maltego seamlessly, so that they can securely and effectively collaborate on investigations while remaining compliant. On top of that, Maltego is able to integrate with other tools such as SIEMs, UBAs, ticketing systems, case management and evidence systems, and digital forensics tools. For all of these options, Maltego offers integration services on demand.
Variety of Layouts & Views
A variety of layouts and views help achieve faster and better identification and understanding of connections between the pieces of information in a graph, especially when it comes to large and complex data sets. Different layouts will allow analysts to better visualize data for different types of investigations. A variety of views will help them zero in on the most relevant data and the connections between them more efficiently.
With Maltego, investigators can choose between five different layout modes (block, hierarchical, circular, organic, and interactive organic) and eight different views (graph view, list view, ball size by diverse descent, ball size by links (all), ball size by incoming links, ball size by outgoing links, ball size by rank, and ball size by weight).
Graphs can quickly become hard to manage depending on the number of Entities they contain. Visual cues, such as colored bookmarks and notes, are vital for investigators to navigate more efficiently and to share results that are easier to understand.
Both individual investigators and analyst teams need to be able to automate certain repetitive tasks to speed up the data mining step of their investigations and allow more time for visual analysis.
It is also important to be able to develop and implement specific queries to perform analysis according to the investigative needs and objectives of a team or organization.
Maltego provides a wide variety of customization options including bookmarks and notes, automation using Maltego Machines which can also be designed by the customer, and last but not least, an easy approach to developing custom Transforms to perform data queries.
Collaboration and Reporting
A tool allowing some level of collaboration is always preferable. Iterative processes help analysts get a fresh perspective or the benefit of expertise from colleagues within an organization, which helps to further speed up investigations. Having the ability to share results at different stages and with different audiences is vital. The broader the options for exporting data and graphs, the more useful the results provided by a tool will be, not only to the analyst but to different stakeholders.
Maltego offers a wide array of options to extract data from the tool for reporting and collaboration purposes, from exporting to tables and saving image and XML files of graphs to developing a written report in PDF format. Maltego has been designed to make the investigator’s life easier all around.
Make Maltego Your Own
If you want to learn more about how Maltego can help your teams and organizations conduct effective investigations, schedule a demo with our experts today!
Download the infographic here to share with your friends, family, and colleagues.