Active Incident? 24/7 Response →
SleuthX

Investigation Basics

What Is Link Analysis?

A plain-English explainer: how investigators turn a scattered pile of phone numbers, emails, and accounts into a connected map that shows who is tied to whom.

Link analysis is one of those terms that sounds technical and turns out to be intuitive. At its core it is a way of seeing relationships. Take the identifiers in a case — phone numbers, email addresses, usernames, crypto wallets, accounts — and draw the lines between them. What was a flat list becomes a map, and on a map the structure is obvious: clusters, hubs, and the connections you would never have spotted reading down a spreadsheet.

The idea, with a picture in your head

Imagine each identifier as a dot, and a line between two dots whenever they are connected — the same number texted both accounts, the same email registered two wallets. Do that across a whole case and the busy dots (the ones with many lines) tend to be the people or accounts that matter most. Analysts call the dots nodes and the lines edges, but the insight needs no jargon: connection reveals structure.

Where the technique comes from

Link analysis is a staple of professional intelligence work. The Law Enforcement Analytic Standardspublished by IALEIA and the DOJ’s Bureau of Justice Assistance, and BJA’s Toolbox for the Intelligence Analyst, treat it as a foundational method, and UNODC’s criminal-intelligence guidance for analysts covers it as well. The standards exist because the technique is powerful enough that doing it rigorously matters.

Why it helps an everyday investigation

You do not need to be chasing a cartel to benefit. A scam, a harassment campaign, or a fraud usually hides behind several accounts and numbers that look unrelated until you map them — and then the same wallet or the same recycled email ties them together. That is the moment a case stops being a pile of screenshots and starts being a story.

Doing it for real

When you have more than a few identifiers, you want software that builds the graph for you and lets you pivot from any node to everything connected to it. That is exactly what SleuthX’s link analysis does — as part of a full investigation, not as a disconnected graph tool. For a hands-on walkthrough, see turning numbers, emails, and wallets into a connection map.

Primary sources

  1. International Association of Law Enforcement Intelligence Analysts (IALEIA) / DOJ Bureau of Justice Assistance, Law Enforcement Analytic Standards (OJP/NCJRS abstract). https://www.ojp.gov/ncjrs/virtual-library/abstracts/law-enforcement-analytic-standards
  2. Bureau of Justice Assistance / Global Justice Information Sharing Initiative, A Toolbox for the Intelligence Analyst. https://bja.ojp.gov/sites/g/files/xyckuh186/files/media/document/analyst_toolbox.pdf
  3. United Nations Office on Drugs and Crime (UNODC), Organized Crime — Tools and Publications (Criminal Intelligence Manual for Analysts). https://www.unodc.org/unodc/en/organized-crime/tools-and-publications.html

Meet Your Practitioner

Quinnlan Varcoe

Founder & CEO

GIAC-certified · 15 industry certifications

With operational experience across Fortune 50 security programs and the defense industrial base, Quinnlan founded SleuthX in 2022 to provide clients with the caliber of expertise typically reserved for the largest enterprises. Her work in threat intelligence and digital forensics has earned the trust of 26,000+ cybersecurity professionals who follow her analysis.

“26,000 professionals follow my work because I say what others won't — and I can back it up technically.”

Fortune 50 BackgroundDefense IndustryThreat IntelligenceDigital PrivacyIncident Response
Quinnlan Varcoe, Founder & CEO

Certified Expertise

GIAC · AWS · Splunk · CompTIA

Link analysis: quick answers

Quinnlan Varcoe, Founder & CEO

Schedule Your Session

Schedule a confidential consultation

A direct conversation with Quinn, the founder and CEO who oversees every engagement. NDA-protected. No sales process. Most engagements begin within 48 hours.

Transparent pricing

Trusted by partners across the practice

DAS Health
Exhibit A Cyber
Ally Security
KIRO Group
Black Mirage
Kalles Group
Gridware
CQR
Archstone Security
Cyvergence
Sentinel Cyber
Cloud Underground
Seron Security
Hexen
Koru Risk Management
DAS Health
Exhibit A Cyber
Ally Security
KIRO Group
Black Mirage
Kalles Group
Gridware
CQR
Archstone Security
Cyvergence
Sentinel Cyber
Cloud Underground
Seron Security
Hexen
Koru Risk Management