Maltego and forensics?

re: "how does Maltego aid forensics? I''m interested in peoples forensic uses/examples/etc."

Maltego helps in forensics by being a tool you can use to quickly gather information, graph it and help you pivot from each piece of information.

As you keep gathering information through automated or manual means you can keep updating your graph with information and relationships.

This helps because collection and documenting relationships between separate pieces of information becomes tedious, and since at times it so borring you need a tool that help you take information, plot it to relationships, pivot on that piece of data and keep moving.

As you collect artifacts , the more information you find it will help paint a picture of possible other targets to investigate or areas of information to exploit.

With open source intelligence gathering you are always starting with small pieces of information, with the hope these small pieces will be validated through other pieces of information as you collect and analyze new things.

As information starts to validate itself you will also see the separate pieces of data start to form a circular connection coming back to your original piece of information, even if you didn't intend for it to do this... most of the time with maltego you will see this pattern emerge which can also help you easily show others without disclosing all the details of why x+y+d+q = the_answer.

In the end with some forensic investigations , or investigations in general you will need to discover and hunt new information about something. Nothing will ever be handed to you, so having a tool that aids in your hunt in an automated form as well as a manual form can help you.

You will always be hunting, the question is how can you speed that hunt up. Maltego helps speed that hunt up while also adding other capabilities depending on how you drive the tool.

-duc