Overview
When an analyst is building a case around a suspected fraud syndicate, dozens of entities appear across disparate sources: bank accounts, registered companies, mobile numbers, social contacts, and seized devices. The WebGL Graph Visualisation module renders all of these entities and their relationships as an interactive, navigable network directly in the browser, allowing the analyst to spot structural patterns such as hub-and-spoke money flows or tightly connected communication clusters within seconds rather than hours.
The module is part of the broader Investigation Management suite, which covers the full case lifecycle from initial intake through evidence linking, status tracking, and reporting. The graph layer is powered by GPU-accelerated WebGL rendering and backed by a graph database, meaning networks of tens of thousands of nodes remain fluid and responsive. Role-based access controls ensure that each analyst sees only the entities and connections they are authorised to view, enforcing need-to-know at the graph level rather than just at the record level.
Key Features
- GPU-Accelerated Rendering: WebGL rendering handles graphs of tens of thousands of nodes and edges at interactive frame rates without browser lag, enabling large-scale network analysis in the browser.
- Entity Link Analysis: Automatically surfaces relationships between persons, organisations, accounts, devices, and events, drawing edges that reflect the type and strength of each connection.
- Incremental Graph Expansion: Analysts can expand any node to fetch its neighbours on demand, keeping the initial view focused while allowing deep traversal of a network one step at a time.
- Dynamic Filtering and Clustering: Nodes can be filtered by entity type, relationship class, date range, or risk score, and automatically clustered to expose community structures within a network.
- Case Lifecycle Tracking: Investigation notes, evidence links, status transitions, and task assignments are managed within the same workspace, keeping graph context and case administration together.
- Pinned Exhibits: Analysts can pin any subgraph view or cluster as a numbered case exhibit that persists in the investigation record and can be embedded directly in reports.
- Role-Based Graph Visibility: Access controls are applied at the entity and relationship level so that each analyst's rendered graph reflects only the data they hold clearance to view.
- Audit Trail: Every graph query, node expansion, and exhibit creation is logged with a timestamp and user identity, supporting chain-of-custody requirements for digital evidence.
Use Cases
- Organised Crime Networks: Mapping syndicate structures, front companies, and inter-personal communication links to identify leadership hierarchies and operational compartments.
- Financial Fraud and Money Laundering: Tracing fund flows across multiple accounts, currencies, and jurisdictions to visualise layering and integration stages of a laundering scheme.
- Cyber Incident Attribution: Correlating infrastructure nodes such as IP addresses, domains, and malware samples to attribute an intrusion campaign to a known threat actor or cluster.
- Counter-Terrorism Financing: Identifying indirect funding paths between nominally unrelated entities that converge on a subject of interest, including shell-company chains and hawala intermediaries.
- Cross-Border Trafficking Investigations: Visualising logistics networks, transit routes, and contact chains spanning multiple law enforcement jurisdictions within a single shared graph workspace.
Integration
The module connects to a Neo4j graph database to retrieve relationship data, enabling traversal queries that would be impractical against a purely relational store. It operates alongside the platform's evidence management, case management, and reporting modules, so that an analyst can move seamlessly from a graph view to the underlying digital evidence, back to a case note, and out to a formatted PDF or structured data export, all without leaving the investigation workspace. Authentication and authorisation are handled by a central identity layer supporting single sign-on, so existing agency directory credentials grant access without a separate login.
Open Standards
- GraphQL: The graph query interface is exposed as a GraphQL API, giving clients a typed, self-documenting schema for requesting exactly the entity and relationship fields required for each view.
- SPARQL (W3C): Graph data can be queried and exported using SPARQL, enabling interoperability with RDF knowledge graphs and semantic web tooling used by partner agencies.
- JSON-LD (W3C): Entity data is serialised as JSON-LD, embedding semantic context so that records exchanged with external systems carry unambiguous meaning without reliance on shared schema conventions.
- STIX 2.1 (OASIS): Threat intelligence objects including threat actors, campaigns, and indicators of compromise can be imported and exported in STIX 2.1 format, aligning with established CTI sharing practices.
- TAXII 2.1 (OASIS): STIX bundles are exchangeable over TAXII 2.1 collections, enabling automated bi-directional sharing with national and sector ISAC feeds.
- ISO/IEC 27001: Access control, audit logging, and evidence handling within the investigation workspace are aligned with ISO/IEC 27001 information security management requirements.
- ETSI TS 103 120: Lawful disclosure and handover of investigation packages follow the ETSI handover interface specification, supporting admissibility requirements in EU member-state jurisdictions.
- CJIS Security Policy (FBI): The module's authentication, audit, and encryption controls are aligned with CJIS Security Policy requirements for criminal justice information systems.
Availability
- Enterprise Plan: Included
- Professional Plan: Available as an add-on; graph size and concurrent investigation limits apply.
Last Reviewed: 2026-05-26