Smart Solutions: Data Analytics to
Support Fraud Examinations
About me
Understanding data
Cleansing data
Enriching and validating data
Importing data
Analyzing data
Reporting
Agenda
2
Jörn Weber
Certified Fraud Investigator
19 years experience—German law
enforcement
Since1999 Managing Partner at
corma Gmb...
About corma GmbH
4
Stops suspects by:
analytical investigations
operative investigations
Saves time by:
online research
on...
Data Modeling
5
© corma GmbH
Workflow
Understanding data
Cleansing/standardizing data
Enriching and validating data
Importing data
Analyzing data
Repor...
We need to understand data related to
our cases.
Which data?
Understanding Data
7
It is a challenge to understand data.
What kind of challenge?
Data quantity
Understand relationships and background
Bring ...
Look at the data:
Understanding Data
9
© Dan Roam
See the pattern:
Understanding Data
10
© Dan Roam
Imagine:
Understanding Data
11
© Dan Roam
Show: Summarize your findings
Understanding Data
12
© Dan Roam
What did we accomplish?
Understanding Data
13
corma Workflow in 3 Steps
1. Chain of custody
a) Record all your steps
i.e., in a Word document
Software: CaseNotes, OneNo...
2. Identify data formats
a) Research
www.file-extensions.org
www.filext.com
www.fileinfo.com
.gpi
.bqy
.blb
Understanding ...
2. Identify data formats
b) View (read only)
www.uvviewsoft.com
Understanding Data
16
2. Identify data formats
c) Deep view (editable)
www.ultraedit.com
Understanding Data
17
3. From raw data to smart structured data
Understanding Data
18
Develop first ideas for analytical
approach
Understanding Data
19
First import and analytics
Understanding Data
20
Result: Identified and understood data
Data preparation
Workflow
Understanding data
Cleansing/standardizing data
Enriching and validating data
Importing data
Analyzing data
Repor...
Challenges
High data quality required for good
analysis results
Constantly increasing data quantity
Cleansing/Standardizin...
“Bad data” samples
Cleansing/Standardizing Data
23
Why should data be cleansed:
Reliable analysis results are required.
Data cleansing saves time that otherwise
would come u...
Fast and flexible handling of large
quantities of data
Flexible import from various data sources
Intuitive research
Analys...
Combine different data formats
Fix data quality issues
Identify missing data
Optimize link analysis results
26
With InfoZo...
27
Benefits
Benefits:
Time-saving
Flexible
Maximize effectiveness
Team “compatibility”
Easy to learn
By means of:
Develope...
Workflow
Understanding data
Cleansing/standardizing data
Enriching and validating data
Importing data
Analyzing data
Repor...
Imagine:
Enriching and Validating Data
29
Geocoding: www.gpsvisualizer.com
Enriching and Validating Data
30
Whois query - manually
Enriching & Validating Data
31
Whois batch query
Enriching and Validating Data
32
Whois
Enriching and Validating Data
33
Whois
Enriching & Validating Data
34
Address verification—manually
Enriching & Validating Data
35
Address verification—service
provider or software (for large amounts
of data):
AddressDoctor
www.addressdoctor.com
Experia...
Workflow
Understanding data
Cleansing/standardizing data
Enriching and validating data
Importing data
Analyzing data
Repor...
Importing Data
38
39
Sample Import:
i2 IBM-Database
40
Case Study:
Insurance Claims Audit
One file ready for analysis
Workflow
Understanding data
Cleansing/standardizing data
Enriching and validating data
Importing data
Analyzing data
Repor...
Analytics … yes … but structured:
Identify needed analytical steps.
Develop “questions” to data.
What has prompted the nee...
Analytical techniques
Chronologies and timelines (understand
timing and sequence of events)
Sorting (categorizing and hypo...
Best practice:
Document processes in intranet/wiki
Select the right tool for each task
Train the users
Keep the users “bus...
Query—an investigative question,
converted into database search
Analysis Sample i2 IBM
45
How many organizations are known at
this address?
Analysis Sample i2 IBM
46
47
Email Analysis with Intella
48
Timelinemaker
i2 IBM Analyst’s Notebook
Timeline Charts
49
Classic view: Event log
View: Event log Explorer
Windows Event Log Analysis
50
Windows Event Log Analysis
Workflow
Understanding data
Cleansing/standardizing data
Enriching and validating data
Importing data
Analyzing data
Repor...
Final work starts when single
components are ready:
Reporting the Results
52
Reporting the Results
53
54
Jörn Weber—jw@corma.de
+49 (162) 1009402
corma GmbH · Heinz-Nixdorf-Straße 22 · D-41179 Mönchengladbach ·
Tel: +49 2161...
Upcoming SlideShare
Loading in …5
×

Smart Solutions: Data Analytics Substantial to Support Fraud Investigations

845 views

Published on

This presentation illustrates proven data analytics workflows applied in various types of investigations, and how to establish them to make your investigations more efficient and effective.
You will learn well-proved data analytics workflows, including understanding, cleansing, optimizing, analyzing your data and reporting the results.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
845
On SlideShare
0
From Embeds
0
Number of Embeds
35
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Smart Solutions: Data Analytics Substantial to Support Fraud Investigations

  1. 1. Smart Solutions: Data Analytics to Support Fraud Examinations
  2. 2. About me Understanding data Cleansing data Enriching and validating data Importing data Analyzing data Reporting Agenda 2
  3. 3. Jörn Weber Certified Fraud Investigator 19 years experience—German law enforcement Since1999 Managing Partner at corma GmbH: Solution provider Partner for corporate security About Me 3
  4. 4. About corma GmbH 4 Stops suspects by: analytical investigations operative investigations Saves time by: online research online monitoring Increases efficiency and saves money by: data analytics global intelligence solutions
  5. 5. Data Modeling 5 © corma GmbH
  6. 6. Workflow Understanding data Cleansing/standardizing data Enriching and validating data Importing data Analyzing data Reporting What Are “Smart Solutions?” 6
  7. 7. We need to understand data related to our cases. Which data? Understanding Data 7
  8. 8. It is a challenge to understand data. What kind of challenge? Data quantity Understand relationships and background Bring data into context How does it work? In four steps Understanding Data 8 © Dan Roam
  9. 9. Look at the data: Understanding Data 9 © Dan Roam
  10. 10. See the pattern: Understanding Data 10 © Dan Roam
  11. 11. Imagine: Understanding Data 11 © Dan Roam
  12. 12. Show: Summarize your findings Understanding Data 12 © Dan Roam
  13. 13. What did we accomplish? Understanding Data 13
  14. 14. corma Workflow in 3 Steps 1. Chain of custody a) Record all your steps i.e., in a Word document Software: CaseNotes, OneNote by Microsoft b) Store original data in a secure area c) Create digital fingerprints: MD5 Hash http://md5deep.sourceforge.net www.bitdreamers.com (Checksum Verifier)  Compare file content (UltraCompare) d) Work with a copy of the original data only Understanding Data 14
  15. 15. 2. Identify data formats a) Research www.file-extensions.org www.filext.com www.fileinfo.com .gpi .bqy .blb Understanding Data 15 Garmin Point of Interest file BrioQuery database file ACT! database file
  16. 16. 2. Identify data formats b) View (read only) www.uvviewsoft.com Understanding Data 16
  17. 17. 2. Identify data formats c) Deep view (editable) www.ultraedit.com Understanding Data 17
  18. 18. 3. From raw data to smart structured data Understanding Data 18 Develop first ideas for analytical approach
  19. 19. Understanding Data 19 First import and analytics
  20. 20. Understanding Data 20 Result: Identified and understood data Data preparation
  21. 21. Workflow Understanding data Cleansing/standardizing data Enriching and validating data Importing data Analyzing data Reporting What Are “Smart Solutions?” 21
  22. 22. Challenges High data quality required for good analysis results Constantly increasing data quantity Cleansing/Standardizing Data 22
  23. 23. “Bad data” samples Cleansing/Standardizing Data 23
  24. 24. Why should data be cleansed: Reliable analysis results are required. Data cleansing saves time that otherwise would come up during the analysis process. Reduce unwanted deviations and variations. Identify entities (e.g., person, organization, address). Insights often lead to further findings. Cleansing/Standardizing Data 24
  25. 25. Fast and flexible handling of large quantities of data Flexible import from various data sources Intuitive research Analyses, calculations, statistics Business Intelligence Ad hoc reporting 25 Solution
  26. 26. Combine different data formats Fix data quality issues Identify missing data Optimize link analysis results 26 With InfoZoom you can
  27. 27. 27 Benefits Benefits: Time-saving Flexible Maximize effectiveness Team “compatibility” Easy to learn By means of: Developed workflow for recurring processes Standardized processes (templates)
  28. 28. Workflow Understanding data Cleansing/standardizing data Enriching and validating data Importing data Analyzing data Reporting What Are “Smart Solutions?” 28
  29. 29. Imagine: Enriching and Validating Data 29
  30. 30. Geocoding: www.gpsvisualizer.com Enriching and Validating Data 30
  31. 31. Whois query - manually Enriching & Validating Data 31
  32. 32. Whois batch query Enriching and Validating Data 32
  33. 33. Whois Enriching and Validating Data 33
  34. 34. Whois Enriching & Validating Data 34
  35. 35. Address verification—manually Enriching & Validating Data 35
  36. 36. Address verification—service provider or software (for large amounts of data): AddressDoctor www.addressdoctor.com Experian www.qas-experian.com.au Enriching & Validating Data 36
  37. 37. Workflow Understanding data Cleansing/standardizing data Enriching and validating data Importing data Analyzing data Reporting What Are “Smart Solutions?” 37
  38. 38. Importing Data 38
  39. 39. 39 Sample Import: i2 IBM-Database
  40. 40. 40 Case Study: Insurance Claims Audit One file ready for analysis
  41. 41. Workflow Understanding data Cleansing/standardizing data Enriching and validating data Importing data Analyzing data Reporting What Are “Smart Solutions?” 41
  42. 42. Analytics … yes … but structured: Identify needed analytical steps. Develop “questions” to data. What has prompted the need for the analysis? What is the key question that needs to be answered? How to create evidence out of data? Visualize your thinking! Analyzing Data 42
  43. 43. Analytical techniques Chronologies and timelines (understand timing and sequence of events) Sorting (categorizing and hypothesis generation) Ranking, scoring, prioritizing (determine which items are most important) Network analysis—analyze relationships between entities (e.g., people, organizations, objects) Analyzing Data 43
  44. 44. Best practice: Document processes in intranet/wiki Select the right tool for each task Train the users Keep the users “busy” Look out for new solutions Analyzing Data 44
  45. 45. Query—an investigative question, converted into database search Analysis Sample i2 IBM 45
  46. 46. How many organizations are known at this address? Analysis Sample i2 IBM 46
  47. 47. 47 Email Analysis with Intella
  48. 48. 48 Timelinemaker i2 IBM Analyst’s Notebook Timeline Charts
  49. 49. 49 Classic view: Event log View: Event log Explorer Windows Event Log Analysis
  50. 50. 50 Windows Event Log Analysis
  51. 51. Workflow Understanding data Cleansing/standardizing data Enriching and validating data Importing data Analyzing data Reporting What Are “Smart Solutions?” 51
  52. 52. Final work starts when single components are ready: Reporting the Results 52
  53. 53. Reporting the Results 53
  54. 54. 54 Jörn Weber—jw@corma.de +49 (162) 1009402 corma GmbH · Heinz-Nixdorf-Straße 22 · D-41179 Mönchengladbach · Tel: +49 2161 277 85 - 0 · Email: mail@corma.de · Web: www.corma.de Thank You!

×