How to Visualize Investigations

Visualization can help close an investigation and help communicate the findings. Corporate investigations manager Brandon Gregg explains common tools and formats.

In security and investigations, the phrase "A picture is worth a thousand words" usually refers to CCTV footage or some evidence that proves a subject's guilt (or innocence). Unfortunately, most corporate investigations rarely involve much visual content and instead become rather large collections of three-ring binders. While we all hope to present a smoking gun in our final report, presenting our case to law enforcement, lawyers, human resources and even our own management without the proper visual can sometimes keep even a solid case from closing.

Like children's books, in which images expand short story lines into memorable tales, visualization can be an effective way to quickly and successfully present your investigation at a high level. Below are simple ways to transform even your most complex investigation into a storytelling flowchart.

My favorite tools, i2 Inc's Analyst's Notebook and their line of investigative analyst software, are the sports cars that bring your investigations to life. From Analyst's Notebook's core power to pull vast amounts of data into visual connections (think of inputting millions of credit card transactions from an Excel spreadsheet and in seconds pinpointing the point of compromise) to Text Chart gathering information out of your investigative report and making it into a visual chart explaining your case, i2 Inc's software turns any investigation into a masterpiece.

However, like a sports car, Analyst's Notebook is on the costly side, starting at a few thousand dollars and working up with their additional tools. If you are budget-conscious, you are not out of luck for visualizing your case. Microsoft's Visio and PowerPoint or OpenOffice's open source program Impress may lack i2's analytical power and custom criminal icons, but they can certainly present your cases in a professional and clear manner.

Common investigation visualization formats

Once you decide on one of the tools above, you need to sketch what you are trying to explain. Some of the most common formats are:

  • organization charts
  • communication or time lines
  • asset allocation/background views

or a combination of these. Your charts can have as much or as little information as you feel is needed to explain the complex message you are trying to get across. Just remember to design it to flow like a story.

An Organizational Chart takes shape with your main subject (a basic box, icon/clip art or even photograph) at the top of a pyramid structure. Below this subject, you can branch off to describe the organizational levels, no differently than your own company probably has outlined in its org chart. Lines can be different colors or thicknesses, or dotted, to reflect different things as well, e.g. confirmed link, unconfirmed link, etc.

Asset Allocation/Background charts work great in a circle setup with the subject or business in the center of the page. Bank accounts, homes, vehicles, telephones and website accounts (Facebook, Flickr, etc.) can be linked to the subject as a good reference sheet while you build your case, or used during the final presentation.

Additionally, time lines can be great visual supplements to your case file to show a chain of events, flows of information or any other process. From clearly showing times and dates to drawing a process with arrows, they let third parties quickly understand how your case unfolded.

You can get creative and mix these different types of flow charts together. There is nothing wrong with showing off assets or an organization chart about subjects that are in the middle of the time line. Be creative and offer different "angles" of your charts as well, but as your investigation grows, make sure you don't overwhelm your chart with irrelevant information that might cloud your point to your audience.
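For readers who keep case notes as structured data, here is an added example (not from the original article or any tool it names) that turns a list of links and events into one combined chart: assets around the subject, dashed lines for unconfirmed links, and events chained in date order. It emits Graphviz DOT text, which is an assumption of this example; the names and dates are constructed sample data.

```python
from datetime import date

def q(text):
    """Quote a DOT identifier/label, escaping backslashes and double quotes."""
    return '"' + str(text).replace("\\", "\\\\").replace('"', '\\"') + '"'

def build_chart(subject, links, events):
    """Return Graphviz DOT text: asset links around the subject plus a time line.

    links  -- (entity, kind, confirmed) tuples; unconfirmed links are drawn dashed
    events -- (date, description, entity) tuples; sorted and chained in date order
    """
    out = ["digraph case {", "  rankdir=LR;", "  node [shape=box];",
           f"  {q(subject)} [shape=doubleoctagon];"]
    known = {subject}
    for entity, kind, confirmed in links:
        known.add(entity)
        style = "solid" if confirmed else "dashed"
        out.append(f"  {q(subject)} -> {q(entity)} "
                   f"[label={q(kind)}, style={style}, dir=none];")
    prev = None
    for when, what, entity in sorted(events, key=lambda e: e[0]):
        # Refuse events that point at something not on the chart, so a typo
        # in the case notes cannot silently create an unexplained node.
        if entity not in known:
            raise ValueError(f"event references unlinked entity: {entity}")
        node = q(f"{when.isoformat()}: {what}")
        out.append(f"  {node} [shape=note];")
        out.append(f"  {node} -> {q(entity)} [style=dotted, dir=none];")
        if prev:
            out.append(f"  {prev} -> {node} [color=blue];")  # time line arrow
        prev = node
    out.append("}")
    return "\n".join(out)

# Constructed sample case data (fictional, not from the article).
SUBJECT = "J. Doe"
LINKS = [
    ("Checking acct (placeholder)", "bank account", True),
    ("Company laptop", "assigned asset", True),
    ("Shell vendor LLC", "suspected owner", False),
]
EVENTS = [  # deliberately out of order; build_chart sorts by date
    (date(2010, 3, 9), "Invoice paid", "Shell vendor LLC"),
    (date(2010, 3, 2), "Vendor record created", "Company laptop"),
    (date(2010, 3, 15), "Funds deposited", "Checking acct (placeholder)"),
]

if __name__ == "__main__":
    print(build_chart(SUBJECT, LINKS, EVENTS))
```

Save the output to a file and render it with Graphviz, for example `dot -Tpng case.dot -o case.png`.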

From basic homemade charts to professional analyst software, these tools are only as good as your imagination and ability to paint a clear picture.

Copyright © 2010 IDG Communications, Inc.
