06.11.22

To protect their communities, analysts must be jacks of all trades

For our ancestors, protecting their community meant keeping a sharp eye on the horizon for signs of enemies. Predators. Indications that fire or famine could be on the way.

Today, analysts also have to be constantly on the lookout for potential threats to their organizations, communities, or users. 

The difference is that, nowadays, an attack could come from anywhere. 

With so many of our communities now living online, bad actors aren’t constrained by distance. Their geographic location is more unpredictable. Their skills are broader. And it’s easier for them to fade into obscurity. 

The result is that analysts can no longer afford to only be experts in their own domains. To prevent attacks and investigate wrongdoing, they must have a skill set as broad as the threat landscape – and as deep as the expertise of any individual bad actor. 

Of course, it’s impossible for any one analyst to understand every field of expertise that could have a bearing on their investigation. But analysts can begin by becoming familiar with the three domains that most commonly affect modern trust and safety investigations – and, increasingly, investigations in general. 

1. Cryptocurrency and blockchain

“Crypto” might still seem foreign to the average consumer, but it is increasingly popular with threat actors around the world – largely because cryptocurrency transactions are easily anonymized and more difficult to trace than standard currency transactions. 

Cryptocurrency is playing a growing role in money laundering, payment for illegal goods, fraud, and a wide range of other crimes. 

As a result, analysts in the following sectors must develop a good familiarity with cryptocurrency’s workings and its role in crime: 

  • Financial institutions 
  • Banks
  • Government agencies 
  • Online platforms 
  • Financial crime units (e.g., anti-money laundering)
  • Counter-terror finance bodies


But the challenge isn’t just knowledge-based; analysts must also be equipped with tools that can handle the unique complexity of cryptocurrency transactions. 

To be able to efficiently follow leads and trace transactions – and deal with the confusion created by anti-tracking technology like cryptocurrency mixers – analysts must be able to ingest, process, visualize, and investigate massive amounts of technical data. More data than most platforms that aren’t purpose-built for blockchain can handle. 

That’s why analysts often turn to specialized blockchain investigation platforms. But this isn’t a perfect solution, as these platforms often have frustrating UIs or struggle to integrate with an analyst’s day-to-day workflow. 

2. Domain analysis 

“Domain analysis” is the forensic investigation of online infrastructure, and it has become a crucial discipline for analysts aiming to: 

  • Expose the infrastructures of threat actors 
  • Provide actionable intelligence on online malicious activity 
  • Empower stakeholders to proactively protect their platforms and users


True domain analysis often involves diving into a tangled network of domains, hosts, and servers, so it’s hardly surprising that it often poses a significant challenge for analysts. 

In order to truly understand the role of each domain and the connections between them, an analyst must have significant expertise in the fields of information security and the fundamentals of how networks operate. 

They must have outstanding levels of analytical reasoning and know-how to run methodical investigations. 

And they must be highly experienced in their own area of specialism – whether that be financial crime, counter-disinformation, fraud, or another field – so that they can understand the implications of their domain analysis for the wider investigation. 

To create a clear picture of how the different domains should be demarcated, how they connect with each other, who owns them, and what their role might be in the investigation, analysts must grapple with a veritable mountain of data. This data can vary enormously in its organization, storage, and relevance to the investigation, but somehow analysts must collate it all, analyze it efficiently, and find the answers amid the chaos.

3. Messaging applications 

The phone call, the email, and the letter have all been usurped. Nowadays, messaging platforms are where communication happens – which means they’re also a vital source of data for investigations. 

It’s the privacy of messaging platforms that makes them so appealing to consumers and criminals alike. These platforms tend to be invite-only, with group members needing to approve new additions to their circle. And most platforms don’t have a search feature; users or analysts often have to be invited to join a group in order to know it even exists.

The popularity of these apps means that each platform houses an almost unimaginably vast pool of data; analyzing the content of a single channel could mean scraping or exporting millions of messages and hundreds of user profiles. And their exclusivity means that this data is very difficult to access without a good working knowledge of the intricacies of messaging platforms. 

Even when analysts manage to gain access, storing and analyzing this data becomes yet another challenge. Without the proper investigative tools behind them, analysts often find that uncovering the truth is like looking for a very small needle in the world’s biggest haystack. 


The key to multidomain investigations: don’t overlook the toolkit 

Multidomain investigations are always challenging for analysts. 

But it’s not just the need for deep, broad expertise that creates difficulties. Often, it’s the inflexibility and the limited capability of the tools that analysts must use that truly hold investigations back. 

Each domain has its own set of specialized tools, which vary widely in their usability and analytical ability – most are legacy platforms with cumbersome UIs and old-fashioned feature sets. And, crucially, most of these platforms don’t integrate well with platforms from other domains. This makes it almost impossible for analysts to fuse all of the information they gather from multidomain investigations into one cohesive, clear final intelligence product. 

Analysts either need the patience, time, and expertise to manually collate data from across multiple different platforms, or they need one platform that can stretch across different domains and investigations – flexible enough to adapt to new data formats and domains, and powerful enough to handle all the complexity of a multidomain investigation. 

That’s why we created Falkor: a data-driven analytics, knowledge management, and investigation platform that works with any type of data, in any format.

Whether it’s a cryptocurrency transaction, a WHOIS registration change, or a post on a messaging platform, it all sits comfortably in Falkor. 

Once data is uploaded and analyzed, it can then be fused automatically or manually with any other relevant data point in Falkor’s database, providing full data visibility and auditing to analysts. 

It’s a tool that’s built for modern investigations: adaptable, flexible, and powerful enough to help analysts stay one step ahead of the threat landscape. 

Want to find out more about why multidomain investigations are so important – and how analysts and their industries are adapting to the need for analysts to be “Jacks of all trades”? 

Check out our whitepaper, Jack of all Queries, Master of Some: Contemporary Multidomain Investigations, to read the full story. 
