Accounting for Social, Spatial, and Textual Interconnections

Abstract

This is a chapter about what link analysis and data mining can do for criminal investigation. It is a long and complex chapter, in which a variety of techniques and topics are accommodated. It is divided in two parts, one about methods, and the other one about real-case studies. We begin by discussing social networks and their visualisation, as well as what unites them with or distinguishes them from link analysis (which itself historically arose from the disciplinary context of ergonomics). Having considered applications of link analysis to criminal investigation, we turn to crime risk assessment, to geographic information systems for mapping crimes, to detection, and then to multiagent architectures and their application to policing. We then turn to the challenge of handling a disparate mass of data, and introduce the reader to data warehousing, XML, ontologies, legal ontologies, and financial fraud ontology. A section about automated summarisation and its application to law is followed by a discussion of text mining and its application to law, and by a section on support vector machines for information retrieval, text classification, and matching. A section follows, about stylometrics, determining authorship, handwriting identification and its automation, and questioned documents evidence. We next discuss classification, clustering, series analysis, and association in knowledge discovery from legal databases; then, inconsistent data; rule induction (including in law); using neural networks in the legal context; fuzzy logic; and genetic algorithms. Before turning to case studies of link analysis and data mining, we take a broad view of digital resources and uncovering perpetration: email mining, computer forensics, and intrusion detection. We consider the Enron email database; the discovery of social coalitions with the SIGHTS text mining system, and recursive data mining. We discuss digital forensics, digital steganography, and intrusion detection (the use of learning techniques, the detection of masquerading, and honeypots for trapping intruders). Case studies include, for example: investigating Internet auction fraud with NetProbe; graph mining for malware detection with Polonium; link analysis with Coplink; a project of the U.S. Federal Defense Financial Accounting Service; information extraction tools for integration with a link analysis tool; the Poznan ontology model for the link analysis of fuel fraud; and fiscal fraud detection with the Pisa SNIPER project.