Using Maltego CaseFile to map The Spy Hunter

In any investigation, keeping track of evidence is crucial to success. When it comes to crime scene photos, bios of suspects, pictures of exhibits, etc, you might like to follow the lead of TV cops and pin it all to a board in the squad room:

Doctor Reid and his gigantic sliding tile puzzle

Or you might like to use one of those new-fangled computer thingies instead. Paterva (of Maltego fame) have recently released a beta of their latest effort, CaseFile:

CaseFile is aimed at analysts that do not necessarily use open sources of intelligence (or even the Internet for that matter). Think of it as Maltego without transforms but with tons of new features. Adding/attaching photos, documents and annotations to nodes, graph merging, better integration with browsers, passwords on graphs, and tons of new useful entities – and this is just a few of the goodies we’ve added into CaseFile.

I thought I’d test it out by creating a graph of the players in my Spy Hunter packet challenges (Part One, Part Two). Here’s what I came up with:

The graph above shows SIBHOD on the right, and the target organisations on the left. SIBHOD’s infiltrations are either via its own agents (e.g. Kerry Nitpick using the alias Arnold Davies placed directly within NybbleComms) or via subverting employees (e.g. Donald Burgess). SIBHOD’s organisational structure is shown via the “Reports to” links; also shown are aliases and social network identities. The people are of different types – Dave Nice is a Gang Leader, Kerry Nitpick is a Gang Member, Donald Burgess is an Employee, etc.

Each element on the graph can have lots of information attached. For example, double clicking on the Silky Suzy “Alias” icon shows you this:

You can attach as many arbitrary files and notes as you like. I did try putting notes on the links (to document what an agent’s mission is, for example), but these don’t seem to get saved properly (bug in the beta?). Links to external sites are possible, too – double click Homer Hicks’ Twitter affiliation, and click “Open all URLs” in the top right to be taken directly to his Twitter feed:

It’s extremely cool. Download CaseFile from here (watch the video too), and the Spy Hunter graph from here, then have a play around!

Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters@dataline.co.uk