
Using forensic investigation tools to uncover the concepts, context and content – ‘what’

In our first 5W1H article, we covered the first question of the 5W1H information gathering methodology – “who” – and how eDiscovery tools can be used to find the answers. Today, we’re diving into “what” – using forensic investigation tools to uncover the concepts, context and content that make up the matter under investigation. (The modern equivalent of sifting through endless box files to understand “what” has taken place.) 

To accelerate the pace of this previously time-consuming and labour-intensive process, Reveal offers a number of (highly effective) tools. 



5W1H Part 2: What?

Concept Search 

Reveal enables investigators to search by concept, using anything from a word to an entire document as a foundation for a broader concept search. Reveal then uses its understanding of the entire dataset to surface content with related concepts, and rank them by relevance or contextual distance.  

This can not only flesh out known concepts with additional context, but also introduce new concepts linked to the matter at hand that may otherwise have flown under the radar. 

Cluster Wheel 

Analysing vast quantities of unstructured data to fully understand “what” has occurred can be time-consuming and labour-intensive. Reveal’s Cluster Wheel visualisation tool makes it much easier to filter out the noise – and so expedite results – by clustering documents or content records by their lexical and/or vocabulary similarities.

These clusters can be explored manually, or searched using Concept Search to pinpoint areas of particular interest. Investigators can then focus in on the most relevant clusters and prioritise those documents or content records for review.   

Entity Search 

Entity Search leverages unsupervised machine learning to extract structured information (e.g. people, places and companies) from unstructured data. This information is turned into metadata which can then be further analysed to reveal links between structured data in spreadsheets and structure extracted from free text.

When properly visualised using (for example) Salient’s Concentric Ring model, this can offer an invaluable insight into the bigger picture of “what” is happening. 

Performance-boosting tips, tools and techniques 

By now, you’ve likely picked up that visualisations are powerful assets for revealing key insights earlier and for improving the overall speed and accuracy of investigations. Visualisation is far from the only forensic investigation tool that can improve performance in this area, however.

Strategic application of capabilities like Continuous Active Learning (CAL) can be key to achieving faster insights. Machine learning models can also be pivotal, identifying specific types or classes of content for investigators, and then ranking documents to focus their attention on the most relevant content first.  

It’s also worth noting that, while most investigations involve data collected from an organisation, mobile devices like laptops and cellular phones can be equally rich sources of answers to the question, “What?”. 

Our digital forensics team is regularly deployed to image mobile devices. These images are pre-processed and deNISTed to reduce noise and identify focus areas. We then use AI to unearth relevant “dark data”, including images and audio/video files (which can be transcribed), to be indexed and become searchable alongside other content.
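
The deNISTing step mentioned above, as an added example that is not Salient’s or Reveal’s own code: files whose hash appears in a known-file reference set (such as the NIST NSRL) are dropped from the review set. The directory layout, file names and reference set here are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha1_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large evidence files are not read into memory at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def denist(root, known_sha1):
    """Split files under root into (kept, dropped) by membership in a known-file hash set."""
    kept, dropped = [], []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        (dropped if sha1_of(path) in known_sha1 else kept).append(rel)
    return kept, dropped


def demo():
    """Build a constructed mini 'image export' and deNIST it."""
    system_file = b"constructed stand-in for an operating-system binary"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Windows").mkdir()
        (root / "Users").mkdir()
        (root / "Windows" / "system.dll").write_bytes(system_file)
        # Same bytes under a different name: hash matching ignores file names.
        (root / "Users" / "renamed_copy.bin").write_bytes(system_file)
        (root / "Users" / "notes.txt").write_bytes(b"constructed user-created content")
        # Constructed reference set standing in for a real known-file hash list.
        known = {hashlib.sha1(system_file).hexdigest()}
        return denist(root, known)


if __name__ == "__main__":
    kept, dropped = demo()
    print("review:", kept)
    print("filtered:", dropped)
```

Matching is by content hash only, so a known file is filtered wherever it sits and whatever it is called, while any file that differs by even one byte stays in the review set.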

A winning combination 

The right forensic investigation tools will always be a critical component of answering the 5W1H question of “what”. However, it’s important to recognise that most tools are only as good as the hands that wield them.  

The greatest ability to achieve fast and accurate results comes from having the knowledge and experience to use – and combine – capabilities strategically, and think both inside and outside the box as the situation requires. 
