Link analysis
Definition
A graph-based analytical technique that maps entities (IP addresses, domains, accounts, phone numbers, wallets) as nodes and relationships (communications, ownership, transactions) as edges. Used to identify shared infrastructure, trace criminal networks, and follow financial flows.
Related terms
- Chain of custody
- The documented chronological record of who collected, handled, transferred, and examined a piece of evidence. For digital evidence, chain of custody includes...
- Hypothesis testing
- In digital forensics, the practice of forming a specific, falsifiable proposition about what occurred (such as 'the attacker used account X to...
- NetFlow
- A network protocol (originally Cisco, now standardised as IPFIX under RFC 7011) that records metadata about IP traffic flows: source and destination...
- SIEM (Security Information and Event Management)
- A platform that aggregates log and event data from systems, networks, and applications across an environment, correlates events against detection rules, generates...
- Timeline reconstruction
- The process of ordering digital events from multiple sources into a single chronological account. Requires normalising all timestamps to a common reference...
Explained in
- Cyber Investigation Tools and Analytical WorkflowA graph-based analytical technique that maps entities (IP addresses, domains, accounts, phone numbers, wallets) as nodes and relationships (communications, own...