In link analysis, the links show the commonality between websites that were viewed.
During security incident investigations, you can quickly see where there is overlap and how people
are communicating.
For example, if you think that group of perpetrators are collaborating but aren't sure how, you
can look at a set of documents from a number of users, and use link analysis to show common web
pages. You can then investigate specific websites.
Procedure
-
On the Forensics tab, select one or more web pages from the
Grid view.
-
From the investigative tools menu at the top of the grid, click Link
Analysis.
If there is a relationship between websites, a cytoscape chart shows the web pages as circles
(nodes) and links to and from the web pages as arrows. The larger the node, the more links the
document has in its path and the larger the link arrow, the more times that link was used. Selected
nodes are yellow.
-
To investigate communication from a specific web host, from the Select Web
Host list, select the web host.
The nodes that represent the web pages from the selected web host are highlighted as dark gray
circles.
-
To enlarge or decrease the size of the circles (nodes) and arrows, use the zoom in (+) or zoom
out (-) controls.
You can also scroll up or down on the mouse wheel to increase or decrease the size of the nodes
and arrows.
-
To move one or more nodes, click and drag the nodes.
You can move the entire graph by clicking anywhere in the background and then holding and
dragging.