 |
|
|
 |
What's New?
The long-awaited and highly anticipated VisuaLinks 4.0 is now posted and ready for download from the VAI Support Site.
We gave you a sneak preview of what's new in the 3rd Quarter LinkLetter. VisuaLinks 4.0 raises the bar on how analysis is done - providing one of the most powerful systems in the marketplace. VAI is proud to provide the quality analytical capabilities of VisuaLinks and continues to promote the training of analytical methodologies to help our user community better understand their data. End user feedback is critical and we encourage all users to communicate their likes and dislikes so we can improve our technologies.
Remember, we have three (3) new configurations: Standard, Professional, & Enterprise. VAI strives to accommodate the needs of a wide and diverse community of users. These new configurations allow you to get only what you need - saving time and money in the process. Determine which features make most sense to use within your organization.
We have also been working on the next level of features for a 4.x release of VisuaLinks. There are a number of new capabilities being implemented including a shared VBase, Cluster Alerts, and perhaps the most requested feature of all time --- UNDO. Yes, you heard it here first, that the "undo" feature will be available shortly. Of course there's a lot more, but we don't want to tip our hand entirely until we are ready for release.
|
|
|
 |
 |
...that VisuaLinks 4.0 can keep a history of the queries generated?
Each service (e.g., Query, Network Miner, Load, etc.) in VisuaLinks 4.0 now has a new History menu that lets users record and store previously run queries. This feature was added to help users recall common types of queries, frequently used values, and other related configurations. The use of the History function is "active" rather than passive, which means the user must decide which queries are to be saved into the History.
Once a service request has been configured, selecting the History menu and choosing Add to History will open a dialog where you can name and save the setup. At this point, a descriptive name should be provided so it can be easily recalled for future use.
 Taking advantage of this new feature can save a significant amount of time, especially when there are certain types of queries that are run time and again. Restoring a stored query is as simple as displaying the History and selecting the appropriate entry from the saved list.
Give this feature a try - we are certain you will find it very useful.
|
|
|
 |
VisuaLinks has included a mapping component since back in the early days of version 2.0. The internal maps have provided a very flexible and capable mapping feature that has been enhanced through the years. In fact, VisuaLinks 4.0 introduced a Geo Query service used to drag areas in a map or to specify distances from known locations to generate the queries. We have also provided external couplings to various ESRI products over the years including a lose integration with the ESRI Tracking Analyst to export data for presentation into their format.
In the latest-and-greatest VisuaLinks 4.0 Enterprise edition, we now offer an expanded mapping capability through the ESRI ArcGIS® Engine. Using the mapping components from the ArcGIS Engine, VisuaLinks 4.0 provides a much more comprehensive set of mapping options.
Any data that has been geo-encoded (natively or via our Disambiguator) can be easily presented using any of the mapping capabilities within VisuaLinks. Once the data is present in the display (as shown above), selecting the Maps service presents options for using the VisuaLinks Maps, ESRI Map, ESRI Globe, and Publish to Users capabilities. Selecting either of the ESRI options produces a pop-up that allows you to select and order the specific Latitude/Longitude values used (should there be multiple potential values contained within the selected objects).
Once selected, the default maps will appear in a separate window display. At this point, the ESRI ArcGIS Engine has been passed all of the necessary details to properly present the underlying data. Depending on the structure of the map itself, different layers will be present including Cities, Landmarks, Railroads, Streets, and Airports, to name just a few.
These maps are highly interactive and can be zoomed, panned, and navigated using a number of different techniques. Additionally, any linkages (associations) passed from VisuaLinks will be shown in the maps. Furthermore, the maps can be refreshed with new data simply by reactivating the Map service once the information is available.
All objects passed to the ArcGIS Engine are contained in the map and can be profiled to see the underlying detail. Although these profiles do not have the same look-and-feel as those contained in VisuaLinks, they present all the attributes as well as images associated with each of the objects.
Opening the ESRI Globe provides an alternative viewpoint on the geo-encoded data.
There are many different ways to present data using the ESRI Globe and layouts incorporate many countries and regions. Again, different layers can be shown/hidden using the globe format to show country outlines and other shape formats available from ESRI data.
For more information on ESRI products, we encourage you to visit www.esri.com to learn about their products and additional options that can be purchased including maps and shape files.
|
|
 |
When performing advanced analytics for different types of domains, whether for law enforcement, intelligence, or commercial fraud purposes, there tend to be common types of objects that form the foundation of the networks. Many times, people use the same address, the same identification number (e.g., a driver's license, passport, state ID), and most often a phone number. In fact, in a number of domains, especially in finance and banking, the phone number tends to be one of the most consistent elements for exposing distributed networks for people trying to avoid detection.
Keep in mind that phone numbers are frequently recycled by the telecommunication companies. It is therefore important to know the time frame of the data collection. In as little a six (6) months, a phone number can be canceled and reassigned to another person. If there are other commonalities, such as similar names, then the phone number is most likely valid and will expose a hidden network. This month's link chart shows a good example of this type of behavior.
Many times, an investigation starts with a known entity - a suspect, or a target of interest. In this example, a "tip" of possible terrorist financing was generated based on a Suspicious Activity Report (SAR) filed with the U.S. Department of Treasury. Working with law enforcement personnel, the tip was investigated to determine the overall threat. The following shows the first level of data.
The tip was originally filed by a bank because they observed a large number of wire transfers to the Middle East by one of their clients. These were initially reported to a field office for a large federal agency, but no additional detail or information turned up. The narrative for the SAR (a description of the suspicious activity as reported by the bank) mentioned that the activity seemed strange for "a small wireless reseller."
The next level of connections, shown below, reveals an address and a phone number for the suspect. This information is contained on the SAR (transaction) filed - thus, this diagram shows the entire detail for the SAR and, at this point, no additional information is known about the suspect based on the data provided (which is what the field office concluded).
Using the VisuaLinks Database Walk feature, the investigator expanded the network one additional level. Since each transaction is filed independent of every other, there is a chance to find networks based on the common use of the same values (e.g., names, addresses, accounts, ID numbers, and phone numbers). In this case, the investigator hits the jackpot. The next diagram shows there were two additional suspects connected to the phone number.
Analyzing this simple bit of data, investigators found that the same suspect was wiring money to different counties in the Middle East. To cover his tracks, he was using variations of the company names such as Wireless Cell, Inc, Wireless Cellular Corp, etc. Additionally, he used a different EIN/SSN (not shown) in two different states at multiple bank branches. Ultimately, the mistake that tied the network together was the reuse of the phone number on the transactions; the cell number of the suspect was recorded on each of the different SAR reports.
The next diagram shows a final expansion of the network. From these two additional suspects, there were five (5) additional SARs that confirmed the transfer of money to the Middle East. Law enforcement was easily able to construct the networks within VisuaLinks using the basic data provided. In fact, the overall network was exposed based on a simple bit of info that other investigators had missed using traditional approaches as well as other software packages.
The three suspects turned out to be branch companies that may be legit, but have different names (though similar) and different EIN/SSNs. These are company names and the suspect's name isn't directly listed on any of the transactions, though it does come up in one of the narratives. The other SAR filings had similar wire activity and one was filed because deposits for the store showed a significant amount of cash in $20, $50 and $100 bills but very few checks/credit card receipts - which is highly unusual for a cellular phone business.
There is additional supporting evidence in the narrative of one of the SARs, mentioning the account number of the original SAR as an account that he would use to transfer a large amount of money back and forth. Once again, it was not in the account section but the narrative. Overall, this shows a good example of how new types of patterns can be exposed within complex volumes of data.
|
|
|
 |
|
