03 Switchover SNH -> Maltego Evidence

Last modified by jm Mahl on 2024/08/07 17:13

General information

Maltego Evidence is an entirely new development of the Social Network Harvester. In addition to a completely renewed technological basis, the program interface has been modernized from the ground up and adapted to current standards. Unfortunately, this means that not everything can remain "as it was." There are differences in the range of functions and in the actual use of Maltego Evidence. In this chapter, we go into detail about these differences in operation so that you can make the smoothest possible transition from SNH Classic to Maltego Evidence.

The "Runner Principle"

SNH Classic was conceived as a desktop application enabling a single user to conduct investigations in social networks. Data collection was iterative: data collection jobs were executed one after the other. Efficient parallelization was not possible.

Data collection in Maltego Evidence is based on a "runner principle." Each data collection job is executed by a runner. A runner is a separate software function that processes jobs independently of the main application. Depending on the Maltego Evidence license, it is possible to execute several runners, and thus several data backup jobs, in parallel. This leads to a considerable increase in the workflow's effectiveness and enables data collection in the background.

Case management

Case processing in Maltego Evidence has been significantly revised compared to SNH Classic. While it was previously necessary to create a network-dependent case before collecting data, this network dependency is now eliminated. In the future, cases will be organized into "projects" that can be created independently of the social network. This allows you to conduct cross-network investigations in one project instead of creating a separate case for each social network.

Of course, it is possible to import an SNH Classic case into a Maltego Evidence project.

Collecting data from social networks

Data collection in Maltego Evidence works in principle in the same way as the workflow function of SNH Classic. You can create a backup job in Maltego Evidence based on existing URLs of the profiles or posts to be backed up, which will be processed iteratively and in parallel.

If you do not have a URL, it is also possible, as with SNH Classic, to search the social network in a browser and to start data collection for identified profiles and posts. For efficiency reasons, Maltego Evidence does not display its integrated browser, but you can investigate using your normal Internet browser and all the toolsets you use. Seamless integration with Maltego Evidence is provided by a Maltego Evidence browser add-on, which enables content detection and backup. However, the actual backup still takes place in Maltego Evidence.

Create web page screenshots

The screenshot function for complete network profiles, which is popular among many users, is included in Maltego Evidence. For this purpose, Maltego Evidence scrolls the timeline of the profile being secured to the bottom of the page and creates a contiguous screenshot in PDF format.

Analytics and network analysis

Maltego Evidence merges the former network analysis and analytics functions into a new, combined analytics function. This allows not only network analyses to be performed but also content-related data links to be traced.

The network analysis function known from SNH Classic can be started in the Analytics area of Maltego Evidence with the "Initialize with all profiles and connections" button.

The Analytics functions known from SNH Classic can be accessed in Maltego Evidence via the context menu in the graph (right mouse button).