Greetings investigators!
LinkScope version 1.3.0 was just released! Download the installer for the software from the ‘Downloads’ page.
The main feature that we are delivering in this version is the LQL Query Wizard. LQL stands for LinkScope Query Language, and it is a powerful graph query language that lets you filter through the graph database of your project.
With conventional databases, queries search for elements across tables, and conditional statements are only used for comparisons of element values. Graph databases, however, are more complex. Each element is more than just a row in a table; every single entity could have a varying number of attributes, or be part of a convoluted web of relationships that an investigator has to make sense of.
It is therefore necessary to be able to select nodes with more than just value qualifiers. The ability to view which nodes are part of which relationships can drastically quicken any investigation. This is where LQL comes in.
LQL allows users to select entities based on the values of their attributes, as well as their relationships with other entities. Take the following graph for example. There are a series of transactions made, represented as Currency entities, between a lot of different organizations.
Let’s say we want to check out all incoming transactions made directly to Gold Star LTD, the top node in our pyramid, and see how much money is flowing into the company. Our query will be as follows:
SELECT the ‘Amount’ field, which is used by the Currency entities to show the money they represent,
FROM the ‘Home’ canvas, as we only want to consider nodes in this particular graph,
WHERE the entities have a parent-child relation with the ‘Gold Star LTD’ entity,
MODIFY the values in the ‘Amount’ field to be, and to be treated as, numbers.
And with that said, here is a video showing the LQL Query Wizard in action:
And that’s not all! In this update, we introduced a feature that allows investigators to detect cycles in graphs. Having entities lead back into themselves is normal in some cases, and highly unusual in others. In the cases where you want to see if it all goes back to the start, there is no faster way than to use the ‘Extract Cycles’ functionality.
As for how it works, there is no better way to explain it than with a 10 second demonstration video:
With every new update, we aim to improve the arsenal of tools that investigators have at their disposal, to assist them in uncovering significant data and patterns in an otherwise confusing web of information. We expect that this update will offer a considerable boost in capabilities for everyone using LinkScope.
Best Wishes,
AccentuSoft