What's New?
VAI is wrapping up development and is deep into testing on VisuaLinks 2.1. We expect this release to be very well-received by our user community. VisuaLinks 2.1 adds increased feature/functionality while improving its user interface design and ease of use. We are very excited about the results of these latest development efforts.
In the meantime, we are preparing to release our second 2.0 maintenance release (version 2.0.2). This release will address some issues reported by you, our user community, as well as enhance some of our existing features. As always, these changes are driven by user feedback. Look for this release very soon.
Here are a few tips and tricks to help you use VisuaLinks quickly and more efficiently.
Exclude List
You can easily suppress "problem data" from your analysis using the Exclude List. If you find objects with keys that are problematic (like an SSN of '000-00-0000' or a phone number of '999-999-9999'), that are "short-circuiting" your displays (creating numerous invalid and distracting "noise" links), right-click the offending object and choose "Add to Exclude List." The selected key will be excluded from all future queries and data walks.
Have you ever accidentally added something to your Exclude List and wanted to remove it? To edit your Exclude List, use the Lists / Exclude Values List menu command. A list of the current exclude values will display, where you can delete values or add new ones.
Hit List
You may have noticed that certain values are highlighted when you view memo fields. VisuaLinks lets you track values in several lists, one of which is the "Hit List." The Hit List lets you keep a running list of values that are important to your analysis. To add a value to the Hit List, right-click on an object and choose "Add to Hit List" in the pop-up menu. The key for the selected object will be added to the Hit List and highlighted whenever it appears in a memo field. The Hit List can also be beaconed in the View, quickly showing you all of the objects matching any value in your Hit List.
You can manually edit the Hit List to add and remove values using the Lists / Hit List menu command.
VisuaLinks Maps
VisuaLinks has many different display options, including a powerful Mapping tool that lets you see how your data relates to geographic locations. The VisuaLinks Mapping tool allows you to plot geographic data on a variety of maps, making it a powerful analytical and presentation tool.
The VisuaLinks Mapping tool plots data that is defined in latitude and longitude values. If your data doesn't contain latitude and longitude values, VisuaLinks can still provide you with mapping through the use of a Disambiguator function.
The Disambiguator feature allows you to convert ZIP code values to latitude and longitude values so that you can still get great looking maps without having to rework your existing data. If your data source contains latitude and longitude coordinates that are not specifically labeled as such, you can use the Disambiguator to convert those values as well.
If, for example, you have a data set containing addresses for a specific type of store, you can use the Disambiguator to convert the ZIP code values into latitude and longitude values. This requires two transformations, one for each coordinate value: Zip Code to Latitude and Zip Code to Longitude. Once the transformations are complete, you can display the objects as plotted images on the maps that ship with VisuaLinks.
With any data loaded into the VisuaLinks View, click the Mapping icon. A Mapping tab opens in the Resource Tabs area and VisuaLinks searches for maps relevant to the loaded data. If any latitude/longitude data is found in the loaded data set, the Coordinates Found in Maps list shows all of the maps on which data is plotted.
Click a map name to view the plotted data. Maps with a .svgz extension resize with crisper resolution. The selected map displays in the right side of the window. Individual locations are marked by the icon defined for the object in the data model.
You can perform a number of functions with the displayed map, including adding shapes and markers to the map, printing or saving the map, and viewing details of any objects plotted on the map.
BANG --- a shot from a gun rings out and a body slumps to the ground,
motionless, growing cold as it lies on the hard and unforgiving sidewalk. Sounds like a good opener to a murder
mystery novel; however, in the real world this situation represents the beginning of a "reactive" analytical process.
Reactive analyses are based on the pre-selection of an entity such as a person, organization, account, location,
shell-casing, DNA sample, or event. The entity of interest is already known and becomes the center, or focus,
of the analysis. Ultimately, the goal of a reactive analysis is to expand the network to find additional
clues and leads. In our example, the investigator would look at all aspects of the deceased subject to
determine what other people are related through family, business dealings, criminal records, or any other
source, to show unusual connections or associations that may possibly show a motive. Indirect relationships
through addresses, phone numbers, or vehicles would also be pursued by the investigator.
Following the path of connections, additional entities can be identified based on their connection(s) to the
original entity. To maintain the context of the analysis, any new entities then become the source for the
next level of inquiry. The investigator has the option to append or replace the current working data set
with new data to control how much or how little information will be displayed for any given object.
Within the Visual Clarity Suite (VisuaLinks and DIG) we refer to this process as "Walking the Data."
In much the same way as TV's Detective Columbo meticulously follows each lead within the context of his
investigations, "walking the data" is based on the same principle, producing similar results based on
available data. Reactive analysis tends to be a very efficient technique because the scope of the
working data set is limited to the situation of interest and its related objects. Reactive analyses
account for the majority of approaches used for analyzing data in modern-day systems.
Ideally, all analyses should start using a proactive approach. Contrary to performing reactive
analyses where you are responding to a situation that is already known (e.g., a person has been killed,
a building has been bombed, money has been stolen), proactive analyses are used when a starting point
is not known or cannot be defined. The goal during proactive analysis is to discover interesting,
previously unknown patterns and trends. Once detected, the situation can be exploited to the benefit
of the investigating party such as exposing stock patterns, predicting criminal behavior, or circumventing terrorist plots.
The trick is in knowing how to approach a situation to expose the patterns (e.g., the methodology).
Often the data set selected for analysis should consist of a cross-section of data that is related
in some way. This cross-section is often termed a "proactive slice" of data. In many databases,
these slices can be easily defined using temporal instances (days, weeks, months, or other date ranges),
geographic regions (cities, counties, post-codes, or countries), or other data in particular value ranges.
Examples might include people associated with certain assets, communications on specific frequencies,
or financial transactions over a predetermined amount.
The VisuaLinks system was designed to perform proactive analytics and supports unique services
such as Query, Network Miner, Name Matcher, Duplicate Detector, Cross Database Query (XDBQ),
plus others. Each service is designed to process the underlying data to expose undefined patterns
or situations without having to explicitly specify a starting point. The output of these services
represents proactive slices of data that can be selected for more detailed review.
Proactive analyses quickly reveal objects because they either:
Appear as unique and isolated structures
Tend to occur with high frequency
Exhibit unusual network structures
Represent like/similar values.
Once a target object or set of objects has been identified using a proactive technique, you can review any related data associated with the object(s) regardless of their origin. At this point, the analysis turns to reactive mode, guaranteeing that all information for the target set will be seen. This process of iteration between proactive and reactive modes can continue until the desired results are achieved.
The following diagram shows a high-level depiction of proactive and reactive analyses.
The combination of both reactive and proactive analytical techniques provides a means for working on terabytes
of data because of how the process is managed for interpreting and analyzing the data. For example, consider how the
Internet is currently used. Typically, you can trigger an Internet search using a service such as Google® by
specifying a set of keywords related to a topic of interest. The search will generally be conducted over a large
quantity of processed HTML files, but can also be categorized by audio, images, newsgroups, and other file types.
At the time of publication, Google had over 3 billion pages referenced. Needless to say, this represents a very,
very large database.
The results of this proactive search are then passed back and presented as a list of pointers (e.g., the
proactive slice of data) whereupon a single entry (link) can be selected to present the targeted site.
Once the entry is chosen, you have shifted into reactive analysis. From the current site, there will be
other links to other sites, and so on. Thus, there is usually an inexhaustible list that can be used to
navigate the Internet.
As with any system, the more specific the query conditions, the more targeted the result set will become
and ultimately produce a better outcome. Additionally, using a combination of reactive and proactive techniques
ensures that the entire dataset can be used to support the analyses. In an ideal world, all analyses would be
initiated based on proactive techniques, so that we could predict and act on the patterns that were exposed.
We can only wait and hope.
Recently, a large accounting firm used VisuaLinks in a large-scale corporate fraud investigation to identify multiple employees/vendors sharing one or more bank accounts.
After applying VisuaLinks to the database, Network Miner was used to expose patterns
within the Employee/Bank and Account/Vendor relationships. Over 2,500 results were generated. Upon review of the largest network (27 objects), it was determined that 21
employees were being paid into the same account and that two employees were being paid as vendors.
According to one of the senior forensic analysts working the investigation, "We would not have caught this pattern
without being able to visualize the network. Our existing analytical methods only produce tables and are focused
on only employee/vendor combinations and not situations where numerous employees shared the same bank account.
VisuaLinks has proven to be a great addition to our suite of analytical tools."
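The shared-account pattern from this investigation, combined with the Exclude List tip described earlier, can be sketched as a small link-graph analysis. This is an added example, not VisuaLinks or Network Miner code; the records, field layout and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: (payee, role, bank account, SSN or None).
PAYMENTS = [
    ("E-101", "employee", "ACCT-7001", "123-00-0001"),
    ("E-102", "employee", "ACCT-7001", "123-00-0002"),
    ("E-103", "employee", "ACCT-7001", "123-00-0003"),
    ("V-900", "vendor",   "ACCT-7001", None),
    ("E-200", "employee", "ACCT-8000", "000-00-0000"),
    ("E-201", "employee", "ACCT-8001", "000-00-0000"),
    ("E-300", "employee", "ACCT-9000", "123-00-0004"),
]
EXCLUDE = {"000-00-0000"}  # placeholder key that would create noise links

def build_links(records, exclude=frozenset()):
    """Undirected graph linking each payee to the keys it uses."""
    graph = defaultdict(set)
    for payee, _role, account, ssn in records:
        for field, value in (("account", account), ("ssn", ssn)):
            if value is None or value in exclude:
                continue  # suppressed keys never form a link
            graph[("payee", payee)].add((field, value))
            graph[(field, value)].add(("payee", payee))
    return graph

def networks(graph):
    """Connected components of the link graph, largest first."""
    seen, found = set(), []
    for start in list(graph):
        if start in seen:
            continue
        component, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node not in component:
                component.add(node)
                stack.extend(graph[node] - component)
        seen |= component
        found.append(component)
    return sorted(found, key=len, reverse=True)

def shared_accounts(records):
    """Accounts paying more than one payee, with the roles involved."""
    by_account = defaultdict(set)
    for payee, role, account, _ssn in records:
        by_account[account].add((role, payee))
    return {a: {"payees": sorted(p), "mixed_roles": len({r for r, _ in p}) > 1}
            for a, p in by_account.items() if len(p) > 1}
```

Without the exclude set, the placeholder SSN joins E-200 and E-201 into a false network; with it, only the genuine shared-account cluster around ACCT-7001 remains linked, and `mixed_roles` marks that the account receives both employee and vendor payments.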