
Forensic investigations: answer the six questions that let the facts speak for themselves

5W1H is an information-gathering methodology that has been used by investigative journalists, detectives and researchers for over a hundred years. It’s designed to ensure all details relevant to an enquiry are successfully collected. This is done by asking five Ws (who, what, when, where and why) and one H (how). 

Unsurprisingly, the same principles apply to eDiscovery and forensic investigations, where all available data must be interrogated to answer 5W1H. Our next series of articles will cover each of these crucial questions, individually, and explore how eDiscovery tools can be used to build an accurate picture of the answers.  

We’ll also explain how our data forensic skills can add to the richness of this picture, and touch on the importance of a defensible process to ensure the evidence behind your 5W1H is properly preserved throughout the investigatory process. 

The start of the forensic investigation

5W1H Part 1: Who?

The best starting point for answering the question of “who” is involved in a matter usually centres on communications.

You’ll want to find out: 

  • Who is talking to whom (across all communication channels, including email, chat and phones). 
  • Who is copied in (and is therefore potentially aware/complicit). 
  • Who is leveraging non-corporate channels to communicate (e.g. personal email or unsanctioned messaging apps). 
  • Who appear to be the key protagonists or influencers (based on inbound and outbound message volumes, etc.).

In a forensic investigation, when it comes to identifying – and investigating – these trends and connections, Reveal’s powerful visualisation tools offer investigators an invaluable shortcut. Everything from participants’ message volumes to their communication connections and connection frequency is made immediately obvious by the combination of node and edge sizes, colours and icons used on Reveal’s “communication maps”. 

These “maps” can be used to rapidly pinpoint trends, suspicious gaps, anomalous behaviours, concepts, and – importantly – persons of interest out of visualisations featuring hundreds, if not thousands of participants. Forensic investigators can then “zoom in” on these identified persons of interest to reveal the specifics of their communication behaviours, focussing in on relevant connections, content and context to support their case. 

But what happens when the people involved in the matter don’t belong to a single organisation, or aren’t using formal communication channels? What about other relationships that link new people to an investigation, like shared business ownership? Can these also be visualised using Reveal? 

The answer to that question depends on who you’re working with. With Salient on your side for your forensic investigation, it’s a resounding “yes!”. In fact, we’ve specifically developed a visual model to bring to light the connections found in complex, global networks of directorships, title deeds and contracts, for example, or indeed any other interrelated data sets. It’s already proven its worth in an investigation featuring a network of 10,000 interrelated entities, providing a bird’s-eye view with full drill-down capabilities to focus on any entity or combination of entities at a time. 

As for informal communication channels (e.g. messaging apps/WhatsApp), these too can be accommodated with a little bit of Salient data-smithing magic. Our preferred approach is to normalise all communication channels into one conversation paradigm, leaving no stone unturned in the quest to comprehensively answer the 5W1H question of “who”. 
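To make the "who" checklist and the single conversation paradigm concrete, here is an added example (not Salient's or Reveal's code) that normalises constructed email and chat exports into one record shape and derives sender-to-recipient edges, copied-in parties, off-channel users and message volumes. The field names, the corp.example domain, the sanctioned-channel list and the alias map are all assumptions made for illustration.

```python
from collections import Counter

CORPORATE_DOMAINS = {"corp.example"}      # assumption: the organisation's mail domain
SANCTIONED_CHANNELS = {"email", "teams"}  # assumption: channels approved by policy

# Constructed sample exports; the field names are hypothetical.
EMAILS = [
    {"from": "alice@corp.example", "to": ["bob@corp.example"], "cc": ["carol@corp.example"]},
    {"from": "bob@corp.example", "to": ["alice@corp.example"], "cc": []},
    {"from": "alice@corp.example", "to": ["bob.private@mail.example"], "cc": []},
]
CHATS = [
    {"app": "whatsapp", "sender": "alice", "members": ["alice", "bob", "dave"]},
    {"app": "teams", "sender": "carol", "members": ["alice", "carol"]},
]
# Constructed identity map: every handle a custodian uses resolves to one person.
ALIASES = {"alice@corp.example": "alice", "bob@corp.example": "bob",
           "carol@corp.example": "carol", "bob.private@mail.example": "bob"}

def normalise(emails, chats):
    """Yield email and chat messages in one schema: channel, sender, to, cc."""
    for m in emails:
        yield {"channel": "email", "sender": m["from"], "to": m["to"], "cc": m["cc"]}
    for m in chats:  # a chat post reaches every other member of the conversation
        others = [p for p in m["members"] if p != m["sender"]]
        yield {"channel": m["app"], "sender": m["sender"], "to": others, "cc": []}

def is_personal(handle):
    """True for an address outside the corporate mail domains."""
    return "@" in handle and handle.rsplit("@", 1)[1].lower() not in CORPORATE_DOMAINS

def analyse(messages):
    """Answer the four 'who' questions over normalised messages."""
    edges, copied, sent, received, off_channel = Counter(), Counter(), Counter(), Counter(), set()
    for m in messages:
        src = ALIASES.get(m["sender"], m["sender"])
        sent[src] += 1
        if m["channel"] not in SANCTIONED_CHANNELS:
            off_channel.add(src)  # sender used an unsanctioned app
        for dst in m["to"]:
            edges[(src, ALIASES.get(dst, dst))] += 1
            received[ALIASES.get(dst, dst)] += 1
        for handle in m["cc"]:
            copied[ALIASES.get(handle, handle)] += 1
        for handle in (m["sender"], *m["to"], *m["cc"]):
            if is_personal(handle):
                off_channel.add(ALIASES.get(handle, handle))  # personal address in use
    return {"edges": edges, "copied": copied, "off_channel": off_channel,
            "volume": sent + received}

if __name__ == "__main__":
    for key, value in analyse(normalise(EMAILS, CHATS)).items():
        print(key, dict(value) if isinstance(value, Counter) else sorted(value))
```

The edge counts are the weights a communication map would draw between nodes, and the alias map is what lets one person's corporate and personal handles collapse into a single node.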

Want to find out how our forensic investigation support could accelerate your investigations?


Using tools and analytics to answer the 5Ws and 1H in a forensic investigation


1. Who

The best starting point for answering the question of who is involved in a matter usually centres on communications.


2. What

eDiscovery tools are invaluable to uncover the concepts, context and content under investigation.


3. When

Understanding when a digital footprint was left can be extremely valuable when aligning events in an investigation.


4. Where

“Where” is a multi-faceted concept that encompasses a variety of data types and requires the use of various eDiscovery tools and methodologies.


5. Why

Why can be one of the trickiest questions to answer in an investigation and requires reading between the lines to analyse context/sentiment.


6. How

Understanding how typically requires sifting through vast bodies of potential evidence to find the “trail of crumbs” and follow it to its conclusion.


We use our skills and advanced technology to help you find all the pieces in the puzzle faster and more efficiently. Find out how Salient Discovery could accelerate your next digital forensic investigation.