What is link analysis, in plain terms?

Link analysis is a way of mapping relationships. You take a set of identifiers — phone numbers, emails, usernames, wallet addresses, accounts — and draw the connections between them so the structure becomes visible. Instead of a list of facts, you get a picture of who (or what) is connected to whom, which makes patterns and central players jump out.

Is link analysis just for police and intelligence analysts?

No — it started there, and the analytic standards come from law-enforcement bodies, but the technique applies to any investigation that involves a web of identifiers: fraud, harassment, scams, and disputes. The same idea that maps a criminal network can map the accounts behind a scam that targeted you.

Do I need special software to do it?

You can sketch a small map by hand, but software makes it practical once there are more than a handful of identifiers — it keeps the graph consistent and lets you pivot from any node to everything connected to it. SleuthX includes link analysis as part of an end-to-end investigation rather than as a standalone graphing tool.

What Is Link Analysis? A Plain-English Guide

Link analysis is one of those terms that sounds technical and turns out to be intuitive. At its core it is a way of seeing relationships. Take the identifiers in a case — phone numbers, email addresses, usernames, crypto wallets, accounts — and draw the lines between them. What was a flat list becomes a map, and on a map the structure is obvious: clusters, hubs, and the connections you would never have spotted reading down a spreadsheet.

The idea, with a picture in your head

Imagine each identifier as a dot, and a line between two dots whenever they are connected — the same number texted both accounts, the same email registered two wallets. Do that across a whole case and the busy dots (the ones with many lines) tend to be the people or accounts that matter most. Analysts call the dots nodes and the lines edges, but the insight needs no jargon: connection reveals structure.

Where the technique comes from

Link analysis is a staple of professional intelligence work. The Law Enforcement Analytic Standardspublished by IALEIA and the DOJ’s Bureau of Justice Assistance, and BJA’s Toolbox for the Intelligence Analyst, treat it as a foundational method, and UNODC’s criminal-intelligence guidance for analysts covers it as well. The standards exist because the technique is powerful enough that doing it rigorously matters.

Why it helps an everyday investigation

You do not need to be chasing a cartel to benefit. A scam, a harassment campaign, or a fraud usually hides behind several accounts and numbers that look unrelated until you map them — and then the same wallet or the same recycled email ties them together. That is the moment a case stops being a pile of screenshots and starts being a story.

Doing it for real

When you have more than a few identifiers, you want software that builds the graph for you and lets you pivot from any node to everything connected to it. That is exactly what SleuthX’s link analysis does — as part of a full investigation, not as a disconnected graph tool. For a hands-on walkthrough, see turning numbers, emails, and wallets into a connection map.

Primary sources

International Association of Law Enforcement Intelligence Analysts (IALEIA) / DOJ Bureau of Justice Assistance, Law Enforcement Analytic Standards (OJP/NCJRS abstract). https://www.ojp.gov/ncjrs/virtual-library/abstracts/law-enforcement-analytic-standards

Bureau of Justice Assistance / Global Justice Information Sharing Initiative, A Toolbox for the Intelligence Analyst. https://bja.ojp.gov/sites/g/files/xyckuh186/files/media/document/analyst_toolbox.pdf

United Nations Office on Drugs and Crime (UNODC), Organized Crime — Tools and Publications (Criminal Intelligence Manual for Analysts). https://www.unodc.org/unodc/en/organized-crime/tools-and-publications.html

Quinnlan Varcoe

Founder & CEO

GIAC-certified · 15 industry certifications

With operational experience across Fortune 50 security programs and the defense industrial base, Quinnlan founded SleuthX in 2022 to provide clients with the caliber of expertise typically reserved for the largest enterprises. Her work in threat intelligence and digital forensics has earned the trust of 26,000+ cybersecurity professionals who follow her analysis.

“26,000 professionals follow my work because I say what others won't — and I can back it up technically.”

Fortune 50 BackgroundDefense IndustryThreat IntelligenceDigital PrivacyIncident Response