- Blog
- 01.11.22
Time is a flat circle: optimizing digital investigations
Reading time: 7 minutes
 
				Analysts often emphasize that investigations are laborious and time-intensive. And it's true that investigations are highly complex, requiring a great deal of diligence.
This complexity can lead to delays, frustrating teams and making it inherently difficult to put realistic time frames on any kind of investigation.
But complexity is not the only reason why investigations often take more time than they should. Modern investigations usually involve various inefficiencies that simply waste time.
For example, report writing, as well as the cleaning, collation, and organization of data, can be just as time consuming as the investigation itself, if not more so. To tackle this, many firms have begun to invest in powerful and automated data collection tools. However, much less attention has been given to the actual “analysis” stage of investigations.
Many analysts will understand the pain of having to return to disparate points in ongoing investigations. They may have to write interim reports, edit an errant data piece, or loop another analyst or stakeholder into the complexities of a given case, but all of it takes time and mental energy.
Additionally, analysts often need to rely on legacy and outdated software solutions to report findings and wrap up investigations, leading to further delays.
Below, we explore some of the most common time-wasting issues. These can disrupt analysts’ workflows and delay the completion of investigations and the sharing of conclusions, to the detriment of the analysts themselves and their end clients.
Data cleaning and collation
For many analysts, data cleaning, collation, and organization are the greatest time sinks slowing down their investigations. Analysts routinely work with disparate data sets in a wide variety of formats, often lacking the tools they need to effectively centralize their data and then analyze and manipulate it efficiently.
Analysts still commonly use Excel spreadsheets (CSVs, XLS documents, and so on) to store and aggregate their data. In some ways, these documents are convenient to use as they are almost universally compatible and are surprisingly powerful considering their ostensible simplicity. In addition, analysts often have to investigate a wide variety of files, such as Word and PDF documents, audio files, and more; these are also commonly stored in spreadsheets as links.
However, spreadsheets have several significant downsides. Firstly, they are often unwieldy for even moderately complex tasks, and some degree of knowledge is required to properly clean and organize data when using them. Some newcomers to the market have innovated and supported advanced features like lambda functions and regular expressions to make spreadsheets more effective for cleaning. But even relatively basic features, like duplicate detection and deletion, formatting URLs, and others require analysts to write scripts of varying complexity – often negating any time saved.
These features, while certainly a step in the right direction, don’t completely solve the issue of slow investigation workflows. Many analysts can recount harrowing stories of manually editing data for hours and endlessly converting file formats due to inadequate software.
The requirements of various end customers when it comes to reports and data sets also complicate the jobs of analysts. In some cases, analysts must spend more time adapting their data sets and tweaking commas and periods to their end customers’ requirements than they spend creating the given data sets.
Data integration
The ubiquity of spreadsheets for data storage and cleaning often makes them an analyst’s first stop for integrating various data sources. Analysts often store disparate data sets in different tabs in either the same or different spreadsheets, making specific data points difficult to find and even more difficult to manipulate quickly. Analysts also have to find, access, and juggle siloed and disparate sources of information – ranging from on-prem databases and servers to specific online directories and services.
Moreover, the relevant knowledge is sometimes held by a person or a group of people and must then be released and integrated into the investigation workflow. These inefficiencies in data storage and communication often force analysts to convert data sets into universal formats manually, creating potentially huge time sinks for investigations.
Cross-referencing
One of the key functions of most analysts is cross-checking and cross-referencing information. This can take more time than expected, as checking one piece of information against a sea of others requires meticulous organization in spreadsheets or other data storage formats. Additionally, it requires a strong ability to assess credibility and relevance. Furthermore, having access to the creation date or origin of given information is often key to effectively utilizing it as well. Curating different data, determining its relation to other information, and describing/storing these relationships can all be extremely time-consuming.
Utilizing stored data
Spreadsheets can be useful when working with some data types but not all of them. Data formats including images, videos, documents, and more all have to be effectively stored and utilized. The reports that analysts create based on this data – and any associated conclusions, assumptions, and insights – must also be stored somewhere accessible. However, spreadsheets are inadequate for this purpose.
Additionally, identifying and exporting data from some systems to external spreadsheets can be laborious and time-consuming. Beyond this, analysts may also need to eventually re-update internal systems with new spreadsheets. This can be a tedious, manual process that can eat into an analyst’s time, and drain their mental energy, adding to the inefficiencies.
In short, both raw data and the insights that analysts draw from it must be easily findable, accessible, and usable – but inefficient and complex data storage methods make this very challenging.
Data visualization
Data visualization is one of the later stages of an investigation and involves turning investigative findings into easy-to-understand charts, graphs, and other representations that can enable end clients to better understand the information and make a decision based on what they see.
We can’t expect all investigative analysts to be data scientists and analysts as well – it’s neither their role nor their area of expertise. Data visualization is key to quality reporting, but often takes a great deal of time — whether investigators are creating graphs in spreadsheets or working with complex external tools. Manually creating graphs and charts and other methods of beautifying reports takes a lot of time, and end customers often are unsatisfied with or less engaged by “ugly” or bare-bones reporting.
So, to satisfy customers, analysts are commonly forced to spend time making visualizations more aesthetically pleasing – something that is far outside their expertise and usual remit.
Collaboration
Collaborating with others – be they analysts or managers – on investigations can be a Sisyphean effort at times. Every element of collaboration is in danger of becoming needlessly difficult, including sharing data and files securely , tracking changes from multiple teams and individuals, delegating parts of an investigation, and more.
Additionally, collaboration vectors are often needlessly diverse; on different occasions, information might be transmitted by emails, phone calls, messages, printed documents sent by courier, or via a host of other methods. Such (often arbitrary) inconsistencies in communication require extra effort, lead to miscommunication, and ultimately waste time.
Report writing
Report writing is one of the most important – if not the most important – elements of an investigation. Despite this importance, inefficient processes often still take up time that could be used more productively. Complex investigations include potentially dozens, hundreds, or even thousands of disparate data points that can’t always be easily placed in pre-made templates.
To deal with this, analysts must justify their work – sometimes conducted months earlier – in long, highly tailored reports, eating up hours of valuable time and often requiring skills outside of the analysts’ expertise. Similarly, integrating multimedia content into reporting, as well as visual aids and graphs, can further waste time, since simply placing them in a document can be a cumbersome task.
Falkor: for more efficient investigations
Falkor is a tailor-made platform built specifically to simplify the work of analysts and others involved in every stage of an investigation.
The Falkor platform makes collecting, organizing, linking, and storing data easy. Visualize data, collaborate with team members and external organizations, integrate new data in seconds, automatically link with databases, and much more.
The first platform of its kind anywhere in the world, Falkor is used by law enforcement agencies, financial institutions, and private-sector firms to make investigations more efficient.
More resources
- 
     Beyond the Google Doc: How analysts are evolving the way they share insights Beyond the Google Doc: How analysts are evolving the way they share insightsBeyond the Google Doc: How analysts are evolving the way they share insights- Blog
- 16.05.22
 
- 
     The Missing Link: Link Analysis in Financial Crime Investigations The Missing Link: Link Analysis in Financial Crime InvestigationsThe missing link: link analysis in financial crime investigations- Blog
- 12.09.22
 
- 
     See no evil, hear no evil: siloed trust and safety teams See no evil, hear no evil: siloed trust and safety teamsSee no evil, hear no evil: siloed trust and safety teams- Blog
- 21.09.22
 
- 
     Layers on layers on layers: information security investigations Layers on layers on layers: information security investigationsLayers on layers on layers: information security investigations- Blog
- 28.11.22