08 Import / Export

Last modified by jm Mahl on 2024/08/08 11:08

Import of cases from SNH Classic

Maltego Evidence Desktop allows you to use existing SNH Classic cases as the basis for new cases, as well as to import them into existing Maltego Evidence Desktop cases. In this way, you can merge surveys that are still separated by network in SNH Classic, but belong together in the underlying investigation, into a single Maltego Evidence Desktop case, or seamlessly continue existing SNH Classic backups with Maltego Evidence Desktop.

Preparation: Export from SNH Classic

A preparatory step is required in SNH Classic to make the respective case importable into Maltego Evidence Desktop. To do this, click on "File" in the open case and then on "Export". Then select "SNH Titan".

In the window that opens, you can check the existing case information and change it for the export if necessary. In the last line, select a storage location for the file to be exported. After clicking on "Export", a .zip file is created, which can subsequently be used for the import within the SNH Titan Desktop.


Import into Maltego Evidence Desktop

Importing SNH Classic cases is possible in two places within Maltego Evidence Desktop.

Import by creating a new Maltego Evidence Desktop case

Open the dialog for creating a new project and click on "Select file" in the "SNH 1 Project Import" field. Select the generated export file, which has the file extension ".zip".

Importfenster Titan für Classic Dateien.png

Also specify a new project name and case number. Click on "Create Project" and be patient: all media files must be transferred, as well as all profiles, tags, etc. This may take a few minutes, depending on the size of the SNH Classic case.

After the import is complete, the Maltego Evidence project opens and you can view the data you collected with SNH Classic. You can now continue working within Maltego Evidence Desktop or, if there is other related SNH Classic data from other networks, proceed to the next step.

Import into an existing Maltego Evidence Desktop case

To import an SNH Classic case into an existing Maltego Evidence Desktop case, click on "Import" in the upper bar and then on the "SNH Exchange Format" button. After clicking on "Select File", you can select the file previously exported from SNH Classic.

Import in Titan Step 1 neu.jpg

Import in Titan Step 2.jpg

Maltego Evidence Desktop analyzes the file. Clicking on "Import" then adds the selected data to the current case. This may take a few minutes, depending on the size of the file to be imported.

Target Profiles

In Maltego Evidence, the profiles whose data is saved are referred to as target profiles. Postings, friends, media files, etc. are collected from this profile. In the Analytics area, for example, marking one or more profiles as a target profile is helpful, as the graphs can be initialized from them. Once you have imported a case into Maltego Evidence, you should mark the profiles whose data has been collected as target profiles. This can be done by sorting all imported profiles in the profile explorer according to their connections. Your target profiles should then be easy to identify. Clicking on the relevant profile opens a sidebar in which you can mark the profile as a target profile (see image below).

Zielprofil markieren.png

Export functions

Maltego Evidence Desktop currently offers you three export options. These are accessible via the upper bar and the item "Export":

  • GRAPHML
  • SNH Portable Case
  • SNH Media Items
  • SNH2 Exchange Format
  • Target Profile Export


GRAPHML (Gephi)

With the GRAPHML (Gephi) button, you can export a .graphml file, which you can load with Gephi or similar software. Maltego Evidence Desktop exports the connections of all profiles saved under "All Profiles". After clicking on "Export", you can specify the desired location.
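The exported connections can also be checked outside Gephi. The following is an added example, not part of the product documentation: it ranks profiles by their number of distinct connections, the same criterion the "Target Profiles" section uses to spot target profiles. It assumes the export uses the standard GraphML `node` and `edge` elements; the sample document and the profile ids are constructed.

```python
import xml.etree.ElementTree as ET

# Standard GraphML namespace (assumed to be used by the exported file).
GRAPHML_NS = "{http://graphml.graphdrawing.org/xmlns}"

# Constructed sample, not real export output.
SAMPLE = """<graphml xmlns="http://graphml.graphdrawing.org/xmlns">
  <graph id="G" edgedefault="undirected">
    <node id="profile_a"/>
    <node id="profile_b"/>
    <node id="profile_c"/>
    <node id="profile_d"/>
    <node id="profile_e"/>
    <edge source="profile_a" target="profile_b"/>
    <edge source="profile_b" target="profile_a"/>
    <edge source="profile_a" target="profile_c"/>
    <edge source="profile_a" target="profile_d"/>
    <edge source="profile_b" target="profile_c"/>
    <edge source="profile_d" target="profile_d"/>
  </graph>
</graphml>"""


def rank_by_connections(graphml_text):
    """Return [(profile_id, distinct_connections)], most connected first."""
    # A case file received from someone else is untrusted input:
    # refuse documents that carry a DTD before parsing them.
    if "<!DOCTYPE" in graphml_text:
        raise ValueError("GraphML with a DOCTYPE is not accepted")
    root = ET.fromstring(graphml_text)

    # Start from the node list so isolated profiles appear with count 0.
    neighbours = {n.get("id"): set() for n in root.iter(GRAPHML_NS + "node")}
    for edge in root.iter(GRAPHML_NS + "edge"):
        src, dst = edge.get("source"), edge.get("target")
        if src == dst:
            continue  # a self-loop is not a connection to another profile
        # Sets collapse duplicate and reversed edges into one connection.
        neighbours.setdefault(src, set()).add(dst)
        neighbours.setdefault(dst, set()).add(src)

    return sorted(((pid, len(peers)) for pid, peers in neighbours.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for profile_id, count in rank_by_connections(SAMPLE):
        print(f"{count:3d}  {profile_id}")
```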

SNH Portable Case

Using the "SNH Portable Case" button, you can export your case data so that it can be viewed from any PC that has an up-to-date browser installed. A .zip file will be exported. By opening the HTML file it contains, you can view the saved data regardless of whether a Maltego Evidence license is present.

Media Items

The "SNH Media Items" button allows you to export all backed-up media. You can choose whether to use the original file names as they were saved or whether Maltego Evidence Desktop should use its own file names. If the latter option is selected, the file names will always start with the determined upload date and time of the file, followed by a unique string.

Export Media Files Benennung.jpg

SNH2 Exchange Format

To export the entire data of a project to another project, you can use the SNH2 Exchange Format. The SNH2 Exchange Format contains all files and media of the project. Reports and analytics pages are not included in the export. As described above, the exported file can be imported into another project via the import menu.

Target Profile Export

With the target profile export, you can export all files and lists for one or more profiles at the same time. To do this, select the target profiles whose data you want to export from the list.

target_export.png

If you want to export the data of a profile that is not a target profile, you can select it by clicking on the "Select another profile" button in the table of all profiles.

Deleting the export list

If you want to delete the list of export jobs, click on the trash can icon in the top right-hand corner and confirm the message in the subsequent pop-up.

Downloadliste.png

⚠ Deleting this list does not delete the files in the Maltego Evidence file directory. These are only deleted when the temporary files are cleaned up.