5W1H is an information-gathering methodology that has been used by investigative journalists, detectives and researchers for over a hundred years. It’s designed to ensure all details relevant to an enquiry are successfully collected. This is done by asking five Ws (who, what, when, where and why) and one H (how).
Unsurprisingly, the same principles apply to eDiscovery and forensic investigations, where all available data must be interrogated to answer 5W1H. Our next series of articles will cover each of these crucial questions, individually, and explore how eDiscovery tools can be used to build an accurate picture of the answers.
We’ll also explain how our data forensic skills can add to the richness of this picture, and touch on the importance of a defensible process to ensure the evidence behind your 5W1H is properly preserved throughout the investigatory process.
The start of the forensic investigation
5W1H Part 1: Who?
The best starting point for answering the question of “who” is involved in a matter usually centres on communications.
You’ll want to find out:
- Who is talking to whom (across all communication channels, including email, chat and phones).
- Who is copied in (and is therefore potentially aware/complicit).
- Who is leveraging non-corporate channels to communicate (e.g. personal email or unsanctioned messaging apps).
- Who appear to be the key protagonists or influencers (based on inbound and outbound message volumes, etc).
In a forensic investigation, when it comes to identifying – and investigating – these trends and connections, Reveal’s powerful visualisation tools offer investigators an invaluable shortcut. Everything from participants’ message volumes to their communication connections and connection frequency is made immediately obvious by the combination of node and edge sizes, colours and icons used on Reveal’s “communication maps”.
These “maps” can be used to rapidly pinpoint trends, suspicious gaps, anomalous behaviours, concepts, and – importantly – persons of interest out of visualisations featuring hundreds, if not thousands of participants. Forensic investigators can then “zoom in” on these identified persons of interest to reveal the specifics of their communication behaviours, focussing in on relevant connections, content and context to support their case.
But what happens when the people involved in the matter don’t belong to a single organisation, or aren’t using formal communication channels? What about other relationships that link new people to an investigation, like shared business ownership? Can these also be visualised using Reveal?
The answer to that question depends on who you’re working with. With Salient on your side for your forensic investigation, it’s a resounding “yes!”. In fact, we’ve specifically developed a visual model to bring to light the connections found in complex, global networks of directorships, title deeds and contracts, for example, or indeed any other interrelated data sets. It’s already proven its worth in an investigation featuring a network of 10,000 interrelated entities, providing a birds-eye-view with full drill-down capabilities to focus on any entity or combination of entities at a time.
As for informal communication channels (e.g. messaging apps/WhatsApp), these too can be accommodated with a little bit of Salient data-smithing magic. Our preferred approach is to normalise all communication channels into one conversation paradigm, leaving no stone unturned in the quest to comprehensively answer the 5W1H question of “who”.
Want to find out how our forensic investigation support could accelerate your investigations?
Get in touch >>
Using tools and analytics to answer the
5Ws and 1H in a forensic investigation
1. Who
The best starting point for answering the question of “who” is involved in a matter usually centres on communications.
2. What
eDiscovery tools are invaluable to uncover the concepts, context and content under investigation.
3. When
Understanding when a digital footprint was left can be extremely valuable when aligning events in an investigation.
4. Where
“Where” is a multi-faceted concept that encompasses a variety of data types and requires the use of various eDiscovery tools and methodologies.
5. Why
Why can be one of the trickiest questions to answer in an investigation and requires reading between the lines to analyse context/sentiment.
6. How
Understanding how typically requires sifting through vast bodies of potential evidence to find the “trail of crumbs” and follow it to its conclusion.
We use our skills and advanced technology to help you find all the pieces in the puzzle faster and more efficiently. Find out how Salient Discovery could accelerate your next digital forensic investigation.