Knogin
[Developers]

Phone

A phone number recovered from a seized device is often the fastest thread to pull in an investigation: it links to a carrier, a line type, a country of origin, and potentially to other persons and cases. The Phone domain

Back to All Modules
Category: Api DomainsLast Updated: Feb 5, 2026
api-domainscompliance

Overview#

A phone number recovered from a seized device is often the fastest thread to pull in an investigation: it links to a carrier, a line type, a country of origin, and potentially to other persons and cases. The Phone domain stores and validates those numbers, enriches them with carrier and line type data, and attaches them to the broader investigation graph.

Key Features#

  • Phone number storage with unique system-generated identifiers
  • Number validation for E.164 format compliance and appropriate digit count
  • Country code detection and international prefix parsing
  • Carrier identification and service provider lookup
  • Line type detection: mobile, landline, VOIP, toll-free, and premium
  • Investigation linking for case association
  • Extended phone profiles with threat level and secrecy level classification
  • Graph-based connections to persons and other entities
  • Analyst notes and metadata attachment

Use Cases#

Relevant sectors include law enforcement, financial crime investigation, and intelligence agencies.

  • Storing and validating phone numbers encountered during investigations
  • Identifying carrier and line type information for attribution analysis
  • Linking phone numbers to person profiles and investigation cases
  • Building communication pattern analysis through phone entity relationships

Integration#

The Phone domain connects with person profiles, the base profile system, investigation management, and contact information services.

Open Standards#

  • ITU-T E.164: Phone numbers are stored, validated, and exchanged exclusively in E.164 international format, ensuring a globally unambiguous 15-digit representation including country code and subscriber number.
  • ITU-T E.123: National and international presentation formats defined by E.123 are used when producing human-readable formatted numbers alongside the canonical E.164 storage form.
  • ISO 3166-1 alpha-2: Country codes attached to phone number profiles follow the two-letter ISO 3166-1 alpha-2 standard, enabling consistent country attribution across investigations.
  • GraphQL (June 2018 Specification): All phone record queries and mutations are served through a strongly-typed GraphQL API, allowing clients to request exactly the fields they need in a single round-trip.
  • Traffic Light Protocol (TLP): Each phone number profile carries a secrecy level mapped to TLP markings (WHITE, GREEN, AMBER, RED), enabling consistent handling and sharing controls aligned with FIRST TLP guidance.
  • RFC 4122 (UUID): Every phone record is assigned a system-generated version 4 UUID as its primary identifier, providing collision-resistant, globally unique references for investigation graph links.
  • RFC 7519 (JSON Web Token): API access to the phone domain is governed by JWT-based bearer authentication, with every query and mutation requiring a valid, tenant-scoped token before execution.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.