Criminal network investigation: Processes, tools, and techniques
1. CRIMINAL NETWORK INVEST IGAT ION:
PROCESSES, TOOLS, AND TECHNIQUES
Ph.D. defense
by Rasmus Rosenqvist PetersenDecem ber 13th
2. Outline
Evaluation
Conclus ions and future work
Introduction
Method
Crim inal network inves tigation
T heory and technology (brief, prom is e)
Problem definition (a clos er look)
Proces s model and tasks
Crim eF ighter Inves tigator concepts
Analys is and support of tas ks
Work flow support: node rem oval
INTRODUCTION
THE DOMAIN
THE TOOL
EVALUATION &
CONCLUSION
4. Introduction
B ut what is it about, then?
Criminal Network Investigation
network dom ain
not crim inal:
sus pects , relatives ,
random people
inform ation
as s ociations
proces s
inves tigation
dom ain
Organized crime
Terrorism
National security
WMDs
Fraud
Extremism
Right
Left
Homicide
5. Introduction
Challenges and res earch focus
Inform ationInvestigator
centric
Institution or
environment
centric
Quantitative
External
Qualitative
Internal
Proces s
Hum an factors
Tacit knowledge
Context
Politics & legal framework
Managem ent
A software system addressing information, process, and human
factors challenges would be a useful tool for assisting criminal
network investigators in their work.
Research hypothesis
6. Method
B ardram ’s F is h Model
Write the thes is
Wrapping up!
I started here
I wanted to go here
DONE! (really, this is where I wanted to go)
Vis it to Imperial
College and
Univers ity of Hof,
Tool
developm ent
Write papers ,
book chapter,
journal paper
Prototyping, tool
tes ting
Literature studies ,
conferences ,
cours es ,
13. Crim inal network inves tigation
Exam ple: Daniel P earl inves tigation
14. Crim inal network inves tigation
cas e: Daniel P earl inves tigation
Screens hots from the movie ’A Mighty Heart’
Target
AttributesEntities
Relations
16. T heory and technology
Hypertext I
Organizing and making sense of information
has been the main focus of hypertext research
from its very beginning.
Structure dom ains :
Ass ociative structures
Spatial structures
Taxonom ic structures
Iss ue-bas ed structures
Annotation and meta data structures
17. T heory and technology
Hypertext II
Associative structures Spatial structures
18. Problem definition
Inform ation
Problem s :
Inform ation amount
inform ation incom pletenes s
inform ation com plexity
“We typically have much less
data, or not so many attributes,
as it was the case in the
investigation you presented”
British Home Office analyst
(2011)
Res earch focus requirem ents :
Information #1: em erging and fragile structure
Information #2: integrating inform ation sources
Information #3: awarenes s and notification
Information #4: vers ioning support
19. Problem definition
P roces s
Problem s :
Increm ental deterioration
res pons ibility
overlapping proces s es
inform ation sharing
Res earch focus requirem ents :
Process #1: target-centric and iterative
Process #2: los s les s data abs tractions
Process #3: make everybody stakeholders
Process #4: integrate conceptual and com putational
models
“With a better working
methodology and a wider focus, the
Norwegian police security service
(PST) could have tracked down the
offender prior to July 22.”
22nd July Commission Report
(2012)
20. Problem definition
Hum an factors
Problem s :
Hum an cognition and creativity,
making hum ans more capable,
habitual and biased thinking,
trus t
Res earch focus requirem ents :
Human factors #1: augm ent hum an intellect
Human factors #2: trans parency and owners hip
Human factors #3: sim ple tools eas e-of-us e
Human factors #4: hum an-tool synergy
The human mind … operates
by association. With one
item in its grasp, it snaps
instantly to the next that is
suggested by the association
of thoughts.
Vannevar Bush (1945)
21. P roces s m odel
Target-centric, hum an-centered
TARGET
processing
collection
disseminationacquisition
sense-making
cooperation
sense-making
synthesis
cooperation flowinformation flow investigative process
shared investigative process
Toolsupport
synthesis
customer
investigatorinvestigator
collector
process influence
22. Tas ks
Acquis ition:
Acuis ition methods , dynam ic attributes , and attribute mapping.
Synthes is :
CRUD entities , CRUD ass ociations , re-s tructuring, grouping,
collaps ing and expanding, brains torm ing, inform ation types ,
em erging attributes .
Sens e-m aking:
Retracing the steps , creating hypothes es , adaptive modeling,
prediction, alias detection, exploring pres pectives , decis ion-
making, social network analys is , terroris t network analys is .
Diss em ination:
Storytelling, report generation.
Co-operation:
Shared inform ation space, discover em ergent collaboration,
shared work flows .
27. Tes ting the hypothes is
Work flow s upport: ’what-if’ ques tions
Novem ber 17,
partially obs erved
network
Asking what-if
ques tions
28. Tes ting the hypothes is
Work flow s upport: node rem oval
29. Evaluation
Methods and requirem ents coverage
T hree methods :
Capability com paris ons (m odels and tas ks )
End us er interviews
Meas ures of perform ance
Good coverage!
32. Conclus ion
Res earch focus requirem ents and hypothes is
Res earch focus requirem ents
Support of the hypothes is
A software system addressing information, process, and
human factors challenges would be a useful tool for
assisting criminal network investigators in their work.
33. Conclus ion
Contributions
Challenges
Proces s model
Tas k lis t
Tool support
Novel approach to tool support
Com ponents for tool support
Publications
34. F uture work
Tool developm ent and evaluation
Tool developm ent
Branched his tory
Vis ualization and filtering
Cus tom algorithm s (s ave work flows ,
dedicated editor)
Prediction (im prove mops )
Tool evaluation
Us ability experim ents
Capability com paris ons