If you have read what link analysis is, this is the hands-on version: how to take the numbers, emails, and wallet addresses you have collected and turn them into a map that shows who is connected to whom. The mechanics are simple; the value is in doing it carefully so the result holds up.
Step 1 — Gather your identifiers
Pull together every identifier from the case: phone numbers, email addresses, usernames, crypto wallets, account numbers, even reused profile photos. Put each one down as its own entry. Do not filter yet — the point of a map is to see connections you did not expect.
Step 2 — Draw the connections you can prove
For each pair of identifiers, ask: is there evidence linking them? The same email registered two wallets. One number texted three different accounts. A wallet that received funds and then forwarded them. Draw a line for each connection you can back with a real record, and note what backs it. Keep speculation off the map — the analytic standards from law-enforcement bodies exist precisely to keep each link documented.
Step 3 — Look for the hubs
Once the map is drawn, the busy nodes stand out: the email behind several wallets, the number tying separate “people” together. Those hubs are usually the real story — the single account or person operating behind what looked like many. That is the moment a scattered pile of evidence becomes a picture of how the scheme actually worked.
Step 4 — Make it usable
A map you build by hand is a great thinking aid, but at scale you want software that keeps it consistent and lets you pivot from any node to everything connected to it. SleuthX’s link analysis does this inside a full investigation, and the connections feed straight into a court-ready exhibit when you need one.
