TRANSCRIPT
Smart Solutions: Data Analytics to Support Fraud Examinations
About me
Understanding data
Cleansing data
Enriching and validating data
Importing data
Analyzing data
Reporting
Agenda
2
Jörn Weber
Certified Fraud Investigator
19 years' experience—German law enforcement
Since 1999 Managing Partner at corma GmbH:
Solution provider
Partner for corporate security
About Me
3
About corma GmbH
4
Stops suspects by:
analytical investigations
operative investigations
Saves time by:
online research
online monitoring
Increases efficiency and saves money by:
data analytics
global intelligence solutions
Data Modeling
5
© corma GmbH
Workflow
Understanding data
Cleansing/standardizing data
Enriching and validating data
Importing data
Analyzing data
Reporting
What Are “Smart Solutions?”
6
We need to understand data related to our cases.
Which data?
Understanding Data
7
It is a challenge to understand data.
What kind of challenge? Data quantity
Understand relationships and background
Bring data into context
How does it work? In four steps
Understanding Data
8
© Dan Roam
Look at the data:
Understanding Data
9
© Dan Roam
See the pattern:
Understanding Data
10
© Dan Roam
Imagine:
Understanding Data
11
© Dan Roam
Show: Summarize your findings
Understanding Data
12
© Dan Roam
What did we accomplish?
Understanding Data
13
corma Workflow in 3 Steps
1. Chain of custody
a) Record all your steps
i.e., in a Word document
Software: CaseNotes, OneNote by Microsoft
b) Store original data in a secure area
c) Create digital fingerprints: MD5 Hash
http://md5deep.sourceforge.net
www.bitdreamers.com (Checksum Verifier)
Compare file content (UltraCompare)
d) Work with a copy of the original data only
Understanding Data
14
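The chain-of-custody steps on the slide above (fingerprint the original, then work only on a copy), as an added example that is not part of the original slides. It records SHA-256 next to the MD5 the slide names, because MD5 is not collision-resistant; the file names and the JSON-lines log format are assumptions.

```python
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def fingerprint(path, chunk_size=1 << 20):
    """Return MD5 and SHA-256 hex digests of a file, read in chunks."""
    md5 = hashlib.md5(usedforsecurity=False)  # integrity label only
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def take_working_copy(original, work_dir, log_path):
    """Hash the original, copy it, verify the copy, append a log entry."""
    before = fingerprint(original)
    copy = Path(work_dir) / Path(original).name
    shutil.copy2(original, copy)
    entry = {"utc": datetime.now(timezone.utc).isoformat(),
             "original": str(original), "working_copy": str(copy),
             **before, "copy_verified": fingerprint(copy) == before}
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry) + "\n")  # one JSON record per step
    if not entry["copy_verified"]:
        raise IOError(f"working copy of {original} does not match original")
    return entry

def verify_against_log(path, entry):
    """True if the file still matches the fingerprints in the log entry."""
    return fingerprint(path) == {"md5": entry["md5"], "sha256": entry["sha256"]}

def demo():
    """Constructed sample: a small CSV stands in for the evidence file."""
    with tempfile.TemporaryDirectory() as tmp:
        secure, work = Path(tmp, "secure"), Path(tmp, "work")
        secure.mkdir()
        work.mkdir()
        evidence = secure / "claims_export.csv"  # hypothetical file name
        evidence.write_bytes(b"claim_id,amount\n1001,250.00\n")
        entry = take_working_copy(evidence, work, Path(tmp, "custody_log.jsonl"))
        intact = verify_against_log(evidence, entry)
        # Simulate an edit to the working copy; the original stays untouched.
        Path(entry["working_copy"]).write_bytes(b"claim_id,amount\n1001,950.00\n")
        changed = not verify_against_log(entry["working_copy"], entry)
        return entry, intact, changed
```

Re-running `verify_against_log` on the stored original before reporting shows that the evidence is unchanged since acquisition, while any edit to the working copy produces a mismatch.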
2. Identify data formats
a) Research: www.file-extensions.org, www.filext.com, www.fileinfo.com
.gpi: Garmin Point of Interest file
.bqy: BrioQuery database file
.blb: ACT! database file
Understanding Data
15
2. Identify data formats
b) View (read only) www.uvviewsoft.com
Understanding Data
16
2. Identify data formats
c) Deep view (editable) www.ultraedit.com
Understanding Data
17
3. From raw data to smart structured data
Understanding Data
18
Develop first ideas for analytical approach
Understanding Data
19
Result: Identified and understood data
Understanding Data
20
First import and analytics
Data preparation
Workflow
Understanding data
Cleansing/standardizing data
Enriching and validating data
Importing data
Analyzing data
Reporting
What Are “Smart Solutions?”
21
Challenges
High data quality required for good analysis results
Constantly increasing data quantity
Cleansing/Standardizing Data
22
“Bad data” samples
Cleansing/Standardizing Data
23
Why should data be cleansed:
Reliable analysis results are required.
Data cleansing saves time that would otherwise be spent during the analysis process.
Reduce unwanted deviations and variations.
Identify entities (e.g., person, organization, address).
Insights often lead to further findings.
Cleansing/Standardizing Data
24
Fast and flexible handling of large quantities of data
Flexible import from various data sources
Intuitive research
Analyses, calculations, statistics
Business Intelligence
Ad hoc reporting
25
Solution
Combine different data formats
Fix data quality issues
Identify missing data
Optimize link analysis results
Apply different tools for standardized data cleansing
26
With InfoZoom you can
27
Sample Data Cleansing
Developing automated queries saves time
28
Benefits
Benefits:
Time-saving
Flexible
Maximize effectiveness
Team “compatibility”
Easy to learn
By means of:
Developed workflow for recurring processes
Standardized processes (templates)
Workflow
Understanding data
Cleansing/standardizing data
Enriching and validating data
Importing data
Analyzing data
Reporting
What Are “Smart Solutions?”
29
Imagine:
Enriching and Validating Data
30
Geocoding: www.gpsvisualizer.com
Enriching and Validating Data
31
Geocoding: www.gpsvisualizer.com
Enriching and Validating Data
32
Geocoding: www.gpsvisualizer.com
Enriching and Validating Data
33
Whois query - manually
Enriching & Validating Data
34
Whois batch query
Enriching and Validating Data
35
Whois
Enriching and Validating Data
36
Whois
Enriching & Validating Data
37
Address verification—manually
Enriching & Validating Data
38
Address verification—service provider or software (for large amounts of data):
AddressDoctor www.addressdoctor.com
Experian www.qas-experian.com.au
Enriching & Validating Data
39
Workflow
Understanding data
Cleansing/standardizing data
Enriching and validating data
Importing data
Analyzing data
Reporting
What Are “Smart Solutions?”
40
Importing Data
41
42
Sample Import:
i2 IBM-Database
43
Case Study:
Insurance Claims Audit
One file ready for analysis
Workflow
Understanding data
Cleansing/standardizing data
Enriching and validating data
Importing data
Analyzing data
Reporting
What Are “Smart Solutions?”
44
Analytics … yes … but structured:
Identify needed analytical steps.
Develop “questions” to ask of the data.
What has prompted the need for the analysis?
What is the key question that needs to be answered?
How to create evidence out of data?
Visualize your thinking!
Analyzing Data
45
Analytical techniques
Chronologies and timelines (understand timing and sequence of events)
Sorting (categorizing and hypothesis generation)
Ranking, scoring, prioritizing (determine which items are most important)
Network analysis—analyze relationships between entities (e.g., people, organizations, objects)
Analyzing Data
46
Best practice:
Document processes in intranet/wiki.
Select the right tool for each task.
Train the users.
Keep the users “busy.”
Look out for new solutions.
Analyzing Data
47
Query—an investigative question, converted into a database search
Analysis Sample i2 IBM
48
How many organizations are known at this address?
Analysis Sample i2 IBM
49
50
Analysis Sample (InfoZoom)
Decoding (classification; i.e., phone data)
51
Email Analysis with Intella
52
Timelinemaker
i2 IBM Analyst’s Notebook
Timeline Charts
53
Classic view: Event log
View: Event log Explorer
Windows Event Log Analysis
54
Windows Event Log Analysis
Workflow
Understanding data
Cleansing/standardizing data
Enriching and validating data
Importing data
Analyzing data
Reporting
What Are “Smart Solutions?”
55
Final work starts when single components are ready:
Reporting the Results
56
Reporting the Results
57
58
Jörn Weber—[email protected]
+49 (162) 1009402
corma GmbH · Heinz-Nixdorf-Straße 22 · D-41179 Mönchengladbach ·
Tel: +49 2161 277 85 - 0 · Email: [email protected] · Web: www.corma.de
Thank You!