A man was discovered murdered on a street late at night. Police were called to the scene and began their investigation. They found limited clues but saw footage of a potential suspect. Detectives then used big data analytics to identify individuals near the crime scene around the time of the murder. This led them to three male suspects. Further investigation of these suspects focused on building profiles of their patterns of life in hopes of identifying the killer.

1. Don’t Panic! Big Data Analytics vs. Law Enforcement.
Who can Solve it Faster?

2. There has been a murder…
www.hackerhalted.com 2

3. On this street
www.hackerhalted.com 3

4. At this time:
www.hackerhalted.com 4
A body is
discovered.

5. www.hackerhalted.com 5
White male, age 38

6. A woman discovers the body at 1:50AM
after her shift ends at Tonio’s restaurant.
She immediately calls the police.
www.hackerhalted.com 6

7. Police arrive at
1:53AM.
The officers
cordon off the
area and check
for clues.
www.hackerhalted.com 7

8. www.hackerhalted.com 8
Detective looks up and
sees a security camera
on the corner building…
Time of death –recent
Type – knife wound
Wallet is intact – license,
credit cards, photos, and
cash
Witnesses – no one is
around besides the
woman who called
Side street

9. • Detective finally gets access to
the owner of the building and
gets a copy of the footage; they
discover limited traffic but at
1:38AM they catch a partial
image of a white male in a blue
hooded sweatshirt, face
unrecognizable.
www.hackerhalted.com 9
Evidence

10. Investigation
• Determine victim’s identity
• Make/model of victim’s car
• Time of death
• Suspected method
• Physical evidence
• Begin witness canvassing
• Victim’s entire geo coordinate information
• Pattern of life
• Social life
• Work life
• Shopping, interests, politics, health
• Predictive, accurate measures of behavior
www.hackerhalted.com 10
Detectives Big Data

11. Investigation
• Interview witnesses
• Talk to victim’s family, friends, co-workers
• Look through social media
• Profile on victim
• Profile of suspects
• Process evidence
• Facts
• No useable DNA
• Facial recognition not useable
• No grudges or beef
• Knife was not victim’s
• No witnesses saw anything
• Location of all other people nearby at the
time of the incident
• Pattern of life on every one of those
people
• Google locations
• GPS locations / frequent places
• Social media data collection
• Vehicle identification
• Family history
• Behavioral tendencies
• Smart home sensor data
• Ambient noise recordings
• Buying and purchase history based on tailored
ad content
www.hackerhalted.com 11
Detectives Big Data

12. Putting the Two Together
Based on ISP records and social
media post location, detectives were
able to retrieve the names of
everyone with in a 1 km radius, 10
minutes before and after the crime
took place.
11 individuals were identified
• 8 individuals were Female
• 3 individuals were male
• Target recon conducted on the 3 males
identified
www.hackerhalted.com 12

13. Story Wrap-Up
The Suspect
• Acted out of anger / Road rage
• Victim parked too close to suspect’s car
• No connection to the victims life
• Law enforcement can not find any direct link from the suspect to the
victim and will need to use data analytic tools to help solve this
crime.
• Data Analysts and Targeters used data driven OSINT to build a
profile and a pattern of life for the suspect.
www.hackerhalted.com 13

14. Thank you.
Tyler Cohen Wood
Executive Director Cyber Workforce Development
CyberVista
Tyler.CohenWood@cybervista.net
Twitter: @TylerCohenWood
LinkedIn: linkedin.com/in/tylercohen78
Matt Salmon
Technical Cybersecurity Manager
CyberVista
Matt.Salmon@cybervista.net
LinkedIn: linkedin.com/in/matthew-salmon-129155a4
www.hackerhalted.com 14