by James Billingsley
Keyword searching is the primary tool investigators use to identify relevant evidence in a data set. However, poorly chosen keywords can miss important items or return too many irrelevant results. As data volumes grow, investigators must find better ways to focus on the items of interest within very large data sets. Expert forensic technician and investigator James Billingsley explains how visualising communication networks, timelines, maps and links between data sources can rapidly establish key players, their locations and their involvement in a matter of interest – all supported by forensic artefacts required for provenance.
Before the advent of computing, investigators who sought evidentiary documents that were relevant to their case faced the painstaking task of sifting through all the available pieces of paper and handwritten notes until only the significant ones remained.