In our first 5W1H article, we covered the first question of the 5W1H information gathering methodology – “who” – and how eDiscovery tools can be used to find the answers. Today, we’re diving into “what” – using forensic investigation tools to uncover the concepts, context and content that make up the matter under investigation. (The modern equivalent of sifting through endless box files to understand “what” has taken place.)
To accelerate the pace of this previously time-consuming and labour-intensive process, Reveal offers a number of (highly effective) tools.
Using forensic investigation tools
5W1H Part 2: What?
Concept Search
Reveal enables investigators to search by concept, using anything from a word to an entire document as the foundation for a broader concept search. Reveal then uses its understanding of the entire dataset to surface content with related concepts, and ranks that content by relevance or contextual distance.
This can not only flesh out known concepts with additional context, but also introduce new concepts linked to the matter at hand that may otherwise have flown under the radar.
Cluster Wheel
Analysing vast quantities of unstructured data to fully understand “what” has occurred can be time-consuming and labour-intensive. Reveal’s Cluster Wheel visualisation tool makes it much easier to filter out the noise – and so expedite results – by clustering documents or content records by their lexical and/or vocabulary similarities.
These clusters can be explored manually, or searched using Concept Search to pinpoint areas of particular interest. Investigators can then focus in on the most relevant clusters and prioritise those documents or content records for review.
Entity Search
Entity Search leverages unsupervised machine learning to extract structured information (e.g. people, places, companies) from unstructured data. This information is turned into metadata which can then be further analysed to reveal links between structured data in spreadsheets and structure extracted from free text.
When properly visualised using (for example) Salient’s Concentric Ring model, this can offer an invaluable insight into the bigger picture of “what” is happening.
Performance-boosting tips, tools and techniques
By now, you’ve likely picked up that visualisations are powerful assets for revealing key insights earlier and for improving the overall speed and accuracy of investigations. However, they are far from the only forensic investigation tools that can improve performance in this area.
Strategic application of capabilities like Continuous Active Learning (CAL) can be key to achieving faster insights. Machine learning models can also be pivotal, identifying specific types or classes of content for investigators, and then ranking documents to focus their attention on the most relevant content first.
It’s also worth noting that, while most investigations involve data collected from an organisation, mobile devices like laptops and cellular phones can be equally rich sources of answers to the question, “What?”.
Our digital forensics team is regularly deployed to image mobile devices. These images are pre-processed and deNISTed to reduce noise and identify focus areas. We then use AI to unearth relevant “dark data”, including images and audio/video files (which can be transcribed), to be indexed and become searchable alongside other content.
A winning combination
The right forensic investigation tools will always be a critical component of answering the 5W1H question of “what”. However, it’s important to recognise that most tools are only as good as the hands that wield them.
The greatest ability to achieve fast and accurate results comes from having the knowledge and experience to use – and combine – capabilities strategically, and think both inside and outside the box as the situation requires.
Using tools and analytics to answer the 5Ws and 1H in a forensic investigation
1. Who
The best starting point for answering the question of “who” is involved in a matter usually centres on communications.
2. What
eDiscovery tools are invaluable to uncover the concepts, context and content under investigation.
3. When
Understanding when a digital footprint was left can be extremely valuable when aligning events in an investigation.
4. Where
“Where” is a multi-faceted concept that encompasses a variety of data types and requires the use of various eDiscovery tools and methodologies.
5. Why
Why can be one of the trickiest questions to answer in an investigation and requires reading between the lines to analyse context/sentiment.
6. How
Understanding how typically requires sifting through vast bodies of potential evidence to find the “trail of crumbs” and follow it to its conclusion.
We use our skills and advanced technology to help you find all the pieces in the puzzle faster and more efficiently. Find out how Salient Discovery could accelerate your next digital forensic investigation.