Network and document visualization

Investigators use the visualization tool to detect patterns, understand where the most network traffic and document congestion is during a specified time period, and view suspect content. For example, investigators can visualize network traffic patterns, such as servers that are accessed after company hours.

The VGrid tool is divided into time blocks. Suspect content, such as network traffic or documents, is depicted by a red rectangle on the grid. A green rectangle depicts regular content. A brightly colored block indicates more traffic. The higher the saturation of the color, the greater the amount of traffic. The brightness of a time block is relative to the current data displayed in the VGrid tool. For example, a brightly colored time block becomes darker as different time blocks are loaded with more data.

Investigators can view the types of network traffic and the number of documents for each time block that contains content.