Link data in graphs, timelines, and maps to save time and accelerate investigations

Link analysis capabilities continue to grow in importance in a great many investigations, from homicide and sexual assault to property and pattern crimes. Read (and watch!) on — and at the end of the post, download our white paper — to learn how UFED Link Analysis can help you save time and effort in finding leads, establishing patterns, and maximizing the insights available for your investigations.

Construct case timelines from multiple mobile devices

Timelines are one of the most important elements of any investigation. Retrace a victim’s or suspect’s steps through the last hours, days, weeks or even months before an incident. Identify a subject’s patterns of behavior: the days and times s/he regularly visits or calls family members, does business, runs errands, etc. These patterns, as well as deviations from them, can be important in small or large ways.

Learn more about how to quickly visualize timelines in UFED Link Analysis in our video:

Import additional data sources for context

One of UFED Link Analysis’ most important features is the ability to import data from other sources; notably, carrier call detail records (CDRs), which can show the towers to which a suspect or victim device connected over a period of time. This can help establish both travel activity and stationary locations. CDRs can also reveal incoming and outgoing calls and, in some cases, text messages (depending on how long they retain the data).

Watch to learn more about pre-set formats and other features that make CDRs easy to import and analyze alongside device data:

Establish suspects’ and victims’ location behavior

Along with timelines, the maps within UFED Link Analysis can be a good way to narrow down a list of potential leads and establish subjects’ normal and abnormal patterns of behavior. Plot geolocation data from wifi access points, cellular towers, GPS apps, images and video to show two or more suspects in the same location at the same time. You can also do the same to show a suspect’s connection to a victim – or exonerate a suspect accused of wrongdoing.

Learn more about how Map View works in our video:

UFED Link Analysis’ versatility only starts with these features. Download our white paper for additional details about putting it to work for your investigations!



Better data organization through tagging in UFED Link Analysis 2.1

Our previous release of UFED Link Analysis introduced two major new features: the ability to import call detail records, and the ability to merge data sources.

As important to casework as these features are, managing data from two or more sources can quickly become unwieldy. Filters can help, but still may result in dozens of calls, chats, and other events. When you’ve done all the filtering you can and are at the stage where the only thing left to do is manually assess the data, you need another way to organize it.

UFED Link Analysis 2.1 introduces tagging, the ability to assign keywords or “tags” to each event or person. Tag data by whether it’s relevant or irrelevant to your case, whether it counts as evidence or intelligence, and/or whether it requires further follow-up—you can assign multiple tags to a single item. Tags are customizable according to your work process, and can be used to filter data further.

Also new with UFED Link Analysis 2.1: the timeline now contains locations, images, and audio and video files, presented based on logged or captured date and time. These data types add context to enable a better view of the sequence of events performed by subjects under investigation.

Additional data now available for viewing in UFED Link Analysis includes both sent and received attachments from MMS, emails and notes, application usage and installation (including date last used and usage frequency), user dictionary, searched items, maps and data files.

Read UFED Link Analysis 2.1 release notes here. For more on how to merge, or deduplicate, data from multiple data sources, watch our video: