This doc will discuss how you can find items such as entities, links, keywords and properties present in multiple graphs.

 

In some cases if an investigator is working on multiple graphs, it becomes necessary to have an ability to find items in multiple graphs with least efforts. This can be done by two methods

  1. Selecting and copying entities from one graph to another while noting common entities.
  2. Using feature 'Find in Files' to search items in saved graphs.

This feature 'Find in Files' needs all graphs to be saved first. Saving graphs to the file system is a good practice anyways. 


First we will discuss how to use selecting, copy and pasting method to find common entities. Consider the following graphs for example.

Graph1
Graph2


Step 1. Select 'Person One' from Graph1 by using color of bookmark. Go to Investigate tab > Select Bookmarked.



Step 2. Right click on Graph1 > click 'copy' > select 'copy (as GraphML)'.



Step 3. Switch to Graph2 and press ctrl+v to paste the copied GraphML. You will see a popup showing the matched entities.



Considering the same example above, we will find emails, notes and links in multiple saved graphs with the help of 'Find in Files' feature.

Step 1. Select the option 'Find in Files' from Investigate tab.



Step 2. Fill in search parameters to find all emails ending with '@paterva.com' and click Search.

Where: location in file system where the graphs are saved.

Find: piece of string that has to be found.

Graph items: '@paterva.com' is an Entity, check mark Entities and select 'Email Address' from drop down menu.

Search in: Check mark all options to find '@paterva.com' in places other than the value of entity itself. 



Step 3. Results found will be displayed as a list. Double clicking the result will take you to that entity.



Step 4. Similarly we can find text in notes.



Results



Step 5. To find links, use parameters similar to these.



Results: