
Link Analysis & Timeline Analysis In Digital Forensic Investigation

MailXaminer | December 1st, 2018 | Forensics

In this article, we discuss Link Analysis and Timeline Analysis in digital forensics. These are two important processes used in criminal investigations to find the relationships that exist between users and the communication that takes place between them within a time period.

What is Link Analysis and what are its features?

Link Analysis is a data analysis technique used to analyse the relations or connections between network nodes. These relationships can be between any type of object, such as nodes, people, transactions and organizations, and the links can be physical, digital or relational. It provides knowledge that can be used to visualize data for better analysis, especially in the context of links, and to check whether a link or relation exists between people or different entities.

Link Analysis is often used in search engine optimization, security analysis, market and medical research, and in criminal investigation for digital forensic purposes. The analysis is performed with Link Analysis software.

For example, from a Search Engine Optimization (SEO) point of view, Link Analysis means analysing all the links and related pages or sites present on the website to find out whether they are active or dead. This information can be very important in Search Engine Optimization. In networking, Link Analysis involves determining the integrity of the connections between network nodes through the transfer of data over both physical and virtual links.

Link Analysis in Digital Forensics

In digital forensics, Link Analysis means determining the relation or connection between network nodes or users. It is mainly used in the investigation of criminal activities. Link Analysis helps the examiner build a visual representation of the communication that took place between the persons involved in the crime. The complexity of the Link Analysis depends on the number of links that exist in each communication. Link Analysis in criminal investigation reduces processing time and helps examiners reach a proper conclusion quickly.

In the context of crime analysis, Link Analysis in digital forensics is mainly performed on a set of email data: the investigators try to find the relationships between different senders and receivers in a particular scenario. It works like a chain process, because starting from one email user the examiner tries to find the connected email users through their emails and the other data they used to communicate.
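The sender/receiver relationships and the chain process described above can be reproduced on a small scale. This is an added example, not MailXaminer's code; the messages are constructed, and the names `build_links` and `connected_users` are hypothetical helpers that count messages per sender-recipient pair and then walk the chain outward from one address.

```python
from collections import Counter, defaultdict, deque
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (not real case data); only headers matter here.
SAMPLE_MESSAGES = [
    "From: Alice <alice@example.com>\nTo: bob@example.com\nCc: Carol <carol@example.com>\nSubject: invoice\n\nbody",
    "From: bob@example.com\nTo: ALICE@example.com\nSubject: Re: invoice\n\nbody",
    "From: carol@example.com\nTo: dave@example.net\nSubject: Fwd: invoice\n\nbody",
    "From: alice@example.com\nTo: bob@example.com\nSubject: follow-up\n\nbody",
    "From: erin@example.org\nTo: frank@example.org\nSubject: unrelated\n\nbody",
]

def _addresses(msg, *headers):
    """Return normalised (lower-cased) addresses from the given headers."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return [addr.lower() for _, addr in getaddresses(values) if addr]

def build_links(raw_messages):
    """Count messages per directed (sender, recipient) pair."""
    links = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        for sender in _addresses(msg, "From"):
            for rcpt in set(_addresses(msg, "To", "Cc", "Bcc")):
                links[(sender, rcpt)] += 1
    return links

def connected_users(links, seed):
    """Follow the chain outward from one user: address -> hops from seed."""
    neighbours = defaultdict(set)
    for sender, rcpt in links:
        neighbours[sender].add(rcpt)
        neighbours[rcpt].add(sender)
    hops, queue = {seed: 0}, deque([seed])
    while queue:
        current = queue.popleft()
        for peer in neighbours[current]:
            if peer not in hops:
                hops[peer] = hops[current] + 1
                queue.append(peer)
    return hops

if __name__ == "__main__":
    links = build_links(SAMPLE_MESSAGES)
    for (sender, rcpt), count in sorted(links.items()):
        print(f"{sender} -> {rcpt}: {count} message(s)")
    print(connected_users(links, "alice@example.com"))
```

Addresses are lower-cased before counting so that `ALICE@example.com` and `alice@example.com` are treated as one node; header values can be forged, so the resulting graph shows claimed correspondents.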

Link Analysis and Timeline Analysis in Digital Forensics are the processes performed to find the relationships between nodes, people, transactions and organizations in a time period. The Digital Forensic Software offered by SysTools provides both these features in the same platform. With this automated solution, a forensic investigator or examiner can investigate email fraud in transactions and digital crimes. To use this feature, follow the section given below.

Using Link Analysis Feature with MailXaminer

In this section, we will see how to find the relationship between users via the Link Analysis Software Intelligence feature of MailXaminer.

Step 1: Search Option

Click on the “Search section” in MailXaminer to find files related to a specific keyword.


Step 2: Open Link Analysis

Select the “Link Analysis” option from the Analytics option in the top right pane to perform Link Analysis in the criminal investigation.


Step 3: Select Email Address

Check the box in front of the email addresses obtained from the keyword search. MailXaminer provides an additional “Date Filter” option to select emails from a specific date range. Then click the “Generate” button to find the existing relationship between the selected email addresses.


Step 4: View Relationship Between Users

MailXaminer displays the relationship between the selected mail addresses and also shows Mails, Calls, Chats, SMS details.


Step 5: View Related Emails

This Link Analysis software feature also provides the option to view the related email conversation between the selected email users.


Step 6: Exporting Related Emails

Click the Export option to generate the report of the link analysis and save the result. The tool provides an option to select specific mails and export them.


Step 7: Export Options

In the export option, MailXaminer provides an option to export data into various file formats like PDF, PST, MSG, HTML etc.

Step 8: Export Settings

From the export settings, you can change additional settings according to the file format you selected for export.


Use of Timeline Analysis in Digital Investigation

Timeline Analysis is mainly used for investigations that involve collecting information within a particular time frame. It is a great technique for determining the activity that occurred on a system at a certain point in time, which helps to make inferences quickly and easily. The word timeline indicates displaying a list of events in a particular order.

Timeline Analysis for computer forensic investigation can be performed on different types of timelines, such as text timelines, number timelines and graphical timelines, according to the purpose. Each timeline model provides a different view of the data. Through Timeline Analysis an analyst can easily find out when a particular event happened, what other events or transactions happened in the same time interval, and how they are related.

Timeline Analysis in Digital Forensics Investigation

Timeline Analysis in computer forensics is used in investigations mainly to answer questions related to date and time. This process is very helpful when there is a lot of information related to a particular event. Timeline Analysis is represented in graphical form, which is very useful in digital forensics for determining when an event or transaction occurred. Timeline Analysis in digital forensics gives clear information through specific year, month and date views.

It helps when you need to know the details of the transactions that took place on a particular date and how they are related to each other. The main purpose of using Timeline Analysis for investigation is to obtain a graphical view of transactions, so that it is easy for examiners to evaluate them and make decisions based on it.
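The year, month and date views described above amount to bucketing timestamped events and counting each communication type per bucket. This is an added example, not MailXaminer's code; the records are constructed, `build_timeline` and `events_on` are hypothetical names, and converting every timestamp to UTC before bucketing is an assumption made here so that events recorded with different offsets land in the correct bucket.

```python
from collections import Counter, defaultdict
from datetime import timezone
from email.utils import parsedate_to_datetime

# Constructed sample records (kind, RFC 5322 timestamp); not real case data.
SAMPLE_EVENTS = [
    ("Email", "Mon, 05 Nov 2018 23:30:00 -0500"),  # 2018-11-06 04:30 UTC
    ("Email", "Tue, 06 Nov 2018 09:15:00 +0000"),
    ("Chat",  "Tue, 06 Nov 2018 10:02:00 +0530"),  # 2018-11-06 04:32 UTC
    ("Call",  "Sat, 01 Dec 2018 18:45:00 +0000"),
    ("Email", "Mon, 31 Dec 2018 20:00:00 -0800"),  # 2019-01-01 04:00 UTC
]

FORMATS = {"year": "%Y", "month": "%Y-%m", "date": "%Y-%m-%d"}

def build_timeline(events, view="date"):
    """Bucket events by year, month or date (UTC) and count each kind."""
    buckets = defaultdict(Counter)
    for kind, stamp in events:
        when = parsedate_to_datetime(stamp).astimezone(timezone.utc)
        buckets[when.strftime(FORMATS[view])][kind] += 1
    return dict(sorted(buckets.items()))

def events_on(events, day):
    """Return (UTC ISO timestamp, kind) for one date, in time order."""
    hits = []
    for kind, stamp in events:
        when = parsedate_to_datetime(stamp).astimezone(timezone.utc)
        if when.strftime("%Y-%m-%d") == day:
            hits.append((when.isoformat(), kind))
    return sorted(hits)

if __name__ == "__main__":
    for view in FORMATS:
        print(view, build_timeline(SAMPLE_EVENTS, view))
    print(events_on(SAMPLE_EVENTS, "2018-11-06"))
```

Without the UTC conversion, the first sample email would be counted on 5 November and the last one in 2018, which changes the apparent order of events across correspondents in different time zones.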

Timeline Analysis Feature In MailXaminer

Using the Timeline Analysis Software feature, a forensic investigator or examiner can view email conversation details between sender and receiver according to a specific year, month and date.

Step 1: Open Timeline Analysis

Choose “Timeline Analysis” from the MailXaminer Analytics option in the top right corner of the dashboard to perform Timeline Analysis for investigation.


It shows the result graphically, and the Timeline Analysis software feature provides the option to see the result by specific year, month and date.


Step 2: Examine Email Details Year Wise

This Timeline Analysis tool provides the option to view emails according to a specific year. It shows what type of communication is taking place, for example Email, Chat or Call.


Step 3: Preview Email Month wise

It also provides information on the communication that took place during a particular month, similar to the yearly view.


Step 4: Inspect Emails According to Date

This Timeline Analysis forensic tool not only gives the monthly and yearly views of communication, it also provides the communication details for a specific date. It tells you whether any communication took place on a particular date or not.


Step 5: Customizing Items

Click on the “Setting Gear” icon to customize the data items as required.


Step 6: Select Color

To change the custom color of the different sections such as Mails, Attachments, Chats, SMS etc., click on “Item Color Setting”. It helps to differentiate between Mail, Chat, Call etc. on the graph and speeds up Timeline Analysis in forensics.


Step 7: View Related Emails

MailXaminer also provides the option to view the related emails from the Timeline Analysis process. Right-click on the timeline bar that you want to view and select the option “View Selected Items”.


Step 8: Preview Email-Details

Now preview the email details of the resulting mails. The tool displays “meta-details” such as Subject, From, To, Sent, Received, MD5 etc.


Step 9: Export Timeline Analysis Result

The Timeline Analysis process also provides the option to export data into various file formats like PDF, PST, MSG, HTML etc., similar to the Link Analysis software feature.


Step 10: Printing Result

The tool provides a printing option to generate the report of the Timeline Analysis artifacts for submission, mostly in PDF file format.


Conclusion

Link Analysis in Digital Forensics is the process of finding the connections or relationships between network nodes or users, and Timeline Analysis in Digital Forensics is performed to obtain information related to a time period. MailXaminer is a digital forensic software tool that provides both these features in a single platform, which helps investigators visualize and obtain the information in a timely manner and create an effective report from it.