Overview#
An entity may appear in several investigations at once: a phone number in a fraud case, a vehicle in a surveillance case, a person in a safeguarding case, and a location in a public order incident. Looking at each case separately hides the pattern. The Cross-Investigation Multi-Track Timeline brings authorised case events together around a shared entity so analysts can see sequence, overlap, and escalation across investigations.
The module builds an entity-centred timeline with separate tracks for cases, evidence, profiles, alerts, locations, and decisions. It preserves the access rules of each source investigation, so analysts see only the tracks they are cleared to view while still gaining a coherent picture of activity across the cases they are authorised to handle.
Key Features#
- Entity-Centred Case Discovery: Find investigations linked to a person, organisation, device, vehicle, location, account, or other entity.
- Multi-Track Presentation: Separate tracks keep case milestones, evidence events, alerts, location observations, and analyst decisions readable without flattening them into one noisy list.
- Access-Preserved Views: Every track is filtered through the source investigation's membership, clearance, and case visibility controls.
- Deconfliction Support: Analysts can identify where two teams are unknowingly working the same subject, vehicle, account, or location.
- Temporal Pattern Review: Detect bursts, gaps, recurring cycles, and event order across otherwise separate investigations.
- Briefing-Ready Output: Export a timeline summary for supervisors, tasking meetings, disclosure preparation, or operational briefings.
- Evidence Linkage: Timeline events preserve links back to their source evidence and case records so reviewers can move from pattern to underlying material.
Use Cases#
- Organised Crime Deconfliction: Two regional teams discover that the same vehicle and phone number appear in separate investigations and coordinate activity before compromising each other.
- Safeguarding Escalation Review: Analysts review incidents, visits, referrals, and evidence across several cases involving the same vulnerable person.
- Financial Crime Patterning: Investigators align account activity, device use, reports, and interviews across related fraud matters.
- Public Order Intelligence: Commanders see how individuals, locations, and events recur across incidents before planning a high-risk operation.
- Briefing Preparation: A senior investigator receives a concise multi-track chronology instead of manually assembling dates from multiple case files.
Integration#
The timeline connects to case management, entity profiles, evidence provenance, alerting, geospatial history, profile briefing, export packaging, and role-based access control. It is not a global search bypass. It is an authorised analytical view that respects the source rules of every contributing case.
Open Standards#
- ISO 8601: Timeline events and date filters use standard date-time formatting for unambiguous ordering.
- W3C PROV-DM: Event lineage can be represented as activities, entities, and agents for review and export.
- GeoJSON, RFC 7946: Location-linked events can carry standard geographic geometry for mapping and spatial review.
- STIX 2.1: Threat intelligence entities and observations can align with STIX object conventions where cyber or intelligence cases are involved.
- Traffic Light Protocol, FIRST: Information sharing labels can be applied to timeline outputs that leave the originating team.
- OAuth 2.0 and JWT Bearer Token: Authenticated context enforces organisation, role, and case visibility controls.
Last Reviewed: 2026-06-26 Last Updated: 2026-06-26