What is Maltego
Maltego is an interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet.
Maltego uses the idea of transforms to automate the process of querying different data sources. This information is then displayed on a node based graph suited for performing link analysis.
There are three versions of the Maltego client namely Maltego CE, Maltego Classic and Maltego XL. In addition to these three version we also offer CaseFile which is an completely offline version of Maltego. All three Maltego clients come with access to a library of standard transforms for the discovery of data from a wide range of public sources that are commonly used in online investigations and digital forensics.
Because Maltego can seamlessly integrate with nearly any data source many data vendors have chosen to use Maltego as a delivery platform for their data. This also means Maltego can be adapted to your own, unique requirements.
Which Maltego version is right for me?
The main difference between Maltego Classic, XL and CE are the number of entities that can be returned from a single transform and the maximum number of entities that can be on a single graph. CaseFile on the other hand is mostly used by analysts using offline data who do not need access to the standard transforms within Maltego.
The table below provides details on the differences between the four clients:
|Maltego XL||Maltego Classic||Maltego CE||CaseFile|
|Access to commercial Transform Hub||N/A|
|Use with Internal Transform servers||N/A|
|Standard OSINT Transforms|
|Max number of results per transform||64,000||10,000||12||N/A|
|Max number of entities on a graph||1, 000, 000||10,000||10, 000||N/A|
|Graph Export (CSV, XLS, XLSX, PDF and Image formats)|
|Graph Import (CSV, XLS, XLSX)|
|Shared Graph Sessions (Collaboration)|
|Machines (Transform Macros)||N/A|
What does Maltego do?
The focus of Maltego is analyzing real-world relationships between information that is publically accessible on the Internet. This can includes footprinting Internet infrastructure as well as finding information about the people and organisation who own it.
Connections between these pieces of information are found using open source intelligence (OSINT) techniques by querying sources such as DNS records, whois records, search engines, social networks, various online APIs and extracting meta data.
Maltego provides results in a wide range of graphical layouts that allow for clustering of information which makes seeing relationships instant and accurate – this makes it possible to see hidden connections even if they are three or four degrees of separation apart.
Maltego is easy and quick to install - it uses Java, so it runs on Windows, Mac and Linux.
- Maltego runs on Java 8 64 bit.
- A Maltego client requires at least 2GB of RAM, but the more the merrier as Maltego loves memory.
- Any modern multi-core processor will have more than enough processing power.
- 4GB of disk space should be more than enough.
- Using a mouse makes navigating Maltego graphs much easier and is definitely recommended.
- A Maltego client requires Internet Access to operate fully.
- The client will need to make outgoing connections on the following ports: 80, 443, 8081. Additionally port 5222 is needed to join shared graphs on Paterva’s public Comms server.
- Please note that a Maltego client may need to make connections on additional ports if the client is using transform from 3rd party transform vendors from the Transform Hub.