Link Analysis & Timeline Analysis In Digital Forensic Investigation

MailXaminer | December 1st, 2018 | Forensics

In this article, we are going to discuss the topics Link Analysis in Digital Forensics and Timeline Analysis in Digital Forensics. These are two important processes used for the criminal investigation in which find the relationship existing and the communication takes place between the users within a time period.

What is Link Analysis and its feature?

Link Analysis is a Data Analysis technique used to analyse the relation or connection between the network nodes. These relationships can be between any type of object like node, people, transaction, organization and also the links can be physical, digital or relational. It provides certain kind of knowledge that can be used to visualize data for better analysis, especially in the context of links, and also check whether the link or relation exists either between people or different entities.

Link Analysis is often used in Search Engine optimization, security analysis, market, and medical research and also use Link Analysis in the criminal investigation for Digital forensic purposes. It uses Link Analysis software to perform the analysing process.

For Ex: In Search Engine Optimization (SEO) point of view Link Analysis means analysing all the links and related pages or sites present the website to find out whether they are active or dead. This information can be very important in Search Engine Optimization. But in Networking Link Analysis involves determining the integrity of connections between each network nodes by the transaction of data through both physical and virtual links.

Link Analysis in Digital Forensics

In Digital Forensic Link Analysis means determining the relation or the connection between the network nodes or users. It is mainly used in the investigation of criminal activities. This Link Analysis in helps the examiner to make the visual representation of communication take place between the persons involved in that crime. The complexity of the Link Analysis depends on the number of links exist in each communication. Link Analysis in criminal investigation reduce the process time and also help the examiners to reach the proper conclusion very fast.

In the context of Crime Analysis, the Link Analysis in Digital Forensics process will mainly do on a set of email data. That is the investigators try to find out the relationship between different senders and receivers in the particular scenario. It is mainly like a chain process because in Digital Forensic from one email user the examiner will try to find out the connected email users through their email and other data that they are used to communicate.

Link Analysis in Digital Forensics and Timeline Analysis in Digital Forensics are the processes perform to find the relationship between the node, people, transaction, and organizations in a time period, try the Digital Forensic Software offered by SysTools which provide both these features in the same platform. With this automated solution, Forensic Investigator / Examiner can investigate email fraud in the transaction and digital crimes. To use this feature, follow the section given below.

Using Link Analysis Feature with MailXaminer

In this section, we will see how we will find out the relationship between users via the Link Analysis Software Intelligence feature of MailXaminer.

Click on the “Search section” on the MailXaminer to find out the specific keyword related files.

From the top left pane click on the Analytic option and select the “Link Analysis” option to perform Link Analysis in criminal investigation.

link analysis

Check the box infront of email addresses obtained from the keyword search and then click on the “Generate” button to find the existing relationship between selected email addresses. MailXaminer also provides the option of “Date Filter” to select emails of the specific date range.

The forensics tool displays the relationship between the selected mail addresses through graphical representation and also shows Mails, Calls, Chats, SMS details though which they are related.

This Link Analysis software feature also provides the option to view the related email conversation between the selected email users.

Click the Export option to export the selected email data into various file format. This will allow examiner to save the link analysis result. The tool also provides the option to select specific mail and export.

In the export option, MailXaminer provides an option to export data into various file formats like PDF, PST, MSG, HTML etc.

From the exporting setting, you can change the additional settings according to the file format you selected to export. Which help to maintain folder hierarchy, Exclude duplicates, Export as source etc.

Use of Timeline Analysis in Digital Investigation

Timeline Analysis is mainly used for various investigation purpose which involves collecting information within a particular time frame. It is a great technique to determine the activity occurred on a system at a certain point in the time which helps to make inferences very fast and easy manner. The word timeline indicates displaying a list of events in a particular order.

Normal Timeline Analysis for Computer Forensic investigation can be performed on different type lines like text timeline, number timeline, graphical timeline etc. according to the purpose. Each Timeline models provides different views of the data. Through Timeline Analysis an analyst can easily find out when a particular event happened and what are the other events or transactions happened at the same time interval and how they are related.

Timeline Analysis in Digital Forensics Investigation

Timeline Analysis in Computer Forensic is used for the investigation purposes mainly for answer the questions related to date and time. This process will be very helpful in the case of having a lot of information related to the particular event. Timeline Analysis is represented in the graphical form it is very useful in Digital Forensic to determine when the event or transaction occurs. Timeline Analysis in Digital Forensics gives the clear information through the specific year, month, date views.

It will help you in the case when you need to know the details about the transactions take place at a particular date and how they are related to each other. The main purpose of using Timeline Analysis for investigation is to obtain the graphical view of transaction hence to is easy for examiners to evaluate and make decisions based on it.

Timeline Analysis Feature In MailXaminer

Using Timeline Analysis Software feature, Forensic Investigator or Examiner can view email conversation details between Sender & Receiver according to specific Year, Month and Date.

Choose “Timeline Analysis” from MailXaminer Analytics option from the top right corner of the dashboard to perform Timeline Analysis for investigation.

The Timeline Analysis software feature provides you the graphical representation of email data in specific Year, Month and Date wise.

This Timeline Analysis tool provides you the option for viewing emails according to the specific year. It provides information like what type of communication is taking place for Ex: Email, Chat, Call

It also provides the Information of communication taken place during particular Month similar to Yearly view.

This Timeline Analysis tool not only gives you the view of Monthly and Yearly communication it also provides the communication details during the specific date. It gives you the information like whether any communication takes place at a particular date or not.

Click on the “Setting Gear” icon to customize the data items according to the choice.

To change the custom colour option of the different sections such as Mails, attachments, chats, SMS etc. Click on “Item Colour Setting”. It will help to differentiate between Mail, Chat, Call etc. from the graph and help in fast Timeline analysis in Forensics.

After the Time Analysis process the forensic tool allows the user to view the email data on the time basis. Right click on the timeline bar from which you want to view the email data and select the option “View Selected Items” obtain the list of email data on that time period.

Now Preview the resultant email data with its meta details. The tool also displays meta -details such as Subject, From, To, Sent, Received, MD5, Size etc.” as a summery without opening the message.

Timeline Analysis process is also provides the option to export data into various file format like PDF, PST, MSG, HTML etc. similar to Link Analysis software feature which helps to save and refer the collected information in the various stages analysis.

Through the printing option provided by the analysis tool examiner can easily generate the hard copy of the Timeline analysis artifacts for the court submitting purpose. Mostly these reports are generated in PDF file format.


Link Analysis in Digital Forensics is the process of finding connection or relationship between network nodes or users and Timeline Analysis in Digital Forensics is performing to obtaining the information with related to the time period. MailXaminer is a Digital Forensic software tool which provides both these features in a single platform that will help the investigators to visualize and obtain the information in a timely manner and also help to create an effective report using the obtained information.