Open navigation

Manipulating and Searching Maltego Graphs

Modified on: Sat, 16 Mar, 2024 at 12:53 AM

Splitting the Graph (Graph Groups)

Analysts may oftentimes wish to work on two or more different graphs at the same time to compare and/or contrast those graphs.


In order to do this, you can right-click on the graph tab at the top of the canvas and select New Document Tab Group. To return to the standard view, you can either close the graphs in the new Tab Group, or select Collapse Document Tab Group, thus collapsing all graphs back into one group. 

 

A screenshot of a computer

Description automatically generated 


Text, whiteboard

Description automatically generated


Finding Items Across Multiple Graphs

Instructions for locating items such as Entities, links, keywords, and properties present in multiple graphs can be found below.


Often, while working on multiple graphs during an investigation, it becomes necessary to locate items across multiple graphs. This can be achieved in two ways:

  • Selecting and copying Entities from one graph to another while noting common Entities.
  • Using the feature 'Find in Files' to search items in saved graphs.  


Using bookmarks: the select, copy, and paste method

Firstly, let us work through how we can use the selection, copy, and paste method to find common Entities.

Consider the following graphs for example:



Step 1. Select 'Person One' from Graph1 by using a bookmark color and click the Investigate tab > Select Bookmarked



Step 2. Right click on Graph1 > click 'Copy' > select 'Copy' (as GraphML)



Step 3. Switch to Graph2 and press Ctrl+v to paste the copied GraphML.

You will see a popup showing the matched Entities.



The "Find in Files" method

In addition to the first example, we can find emails, notes and links in multiple saved graphs with the help of the "Find in Files" feature. Note that using the 'Find in Files' feature first requires that all open graphs are saved to the file system.


Step 1. Select the option 'Find in Files' from the Investigate tab.



Step 2. Fill in search parameters to find all emails ending with '@paterva.com' and click Search


Where: location in file system where the graphs are saved.

Find: piece of string that has to be found.

Graph items: '@paterva.com' is an Entity, check-mark Entities and select 'Email Address' from the dropdown menu.

Search in: Check mark all options to find '@paterva.com' in places other than the value of Entity itself. 



Step 3. Results found will be displayed as a list. Double clicking the result will take you to that Entity.



Step 4. Similarly we can find text in notes.



Results:



Step 5. To find links, use parameters similar to these.



Results:



Using Bookmarks to Return to Relevant Data

What follows is a simple overview of how to select and use Bookmarks.

 

Bookmarks help to: 

  • Provide anchor points for important data 
  • Show the nexus of an investigation


Using Bookmarks (the select, copy, and paste method)

Here is a more complex explanation of Bookmarks.


Firstly, let us work through how we can use the selection, copy, and paste method to find common Entities.

Consider the following graphs for example:


Diagram

Description automatically generated


Step 1. Select 'Person One' from Graph1 by using a bookmark color and click the Investigate tab > Select Bookmarked


Graphical user interface

Description automatically generated


Step 2. Right click on Graph1 > click 'Copy' > select 'Copy' (as GraphML).


Timeline

Description automatically generated


Step 3. Switch to Graph2 and press Ctrl+v to paste the copied GraphML.

A popup will appear showing the matched Entities.


Graphical user interface, diagram

Description automatically generated


For each matched Entity you have the choice of which you would prefer to keep, or whether to merge them into a single Entity.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.