Knogin
[Developers]

Investigation Notes and Annotations

Investigations are not just collections of evidence; they are collections of thinking. An analyst who spent four hours tracing a beneficial ownership chain has knowledge that is not captured anywhere in the transaction d

Back to All Modules
Category: InvestigationLast Updated: Feb 5, 2026
investigationai

Overview#

Investigations are not just collections of evidence; they are collections of thinking. An analyst who spent four hours tracing a beneficial ownership chain has knowledge that is not captured anywhere in the transaction data. If that analyst leaves the case, transfers to a different team, or simply moves on to the next alert without writing it down, that reasoning disappears. The Notes and Annotations module ensures it does not, giving investigators a structured, searchable, and auditable place to document every finding, hypothesis, decision, and hand-off note throughout a case.

The system covers the full range of documentation needs in financial crime investigations, AML case management, law enforcement detective work, and corporate fraud: from quick inline annotations on individual evidence items to structured decision logs that satisfy regulatory examination requirements.

Key Features#

  • Multi-Type Note System: Seven note types including investigation notes, evidence annotations, timeline comments, suspect profiles, analytical findings, external communications, and decision logs support comprehensive case documentation.
  • Note Threading: Conversation chains track analytical evolution with threaded discussions that link related observations, hypotheses, and conclusions across investigation timelines.
  • Collaborative Co-Authoring: Real-time collaborative editing with low-latency synchronisation enables multiple analysts to contribute to shared documentation simultaneously.
  • Advanced Search: AI-powered search across multiple metadata dimensions locates relevant notes rapidly, with content indexing, tag filtering, author filtering, and temporal search capabilities.
  • Evidence-Linked Annotations: Notes and annotations attach directly to specific evidence items, entities, transactions, and graph elements, providing contextual documentation at the point of analysis.
  • Rich Content Support: Markdown rendering with security-hardened parsing supports formatted text, tables, code blocks, images, and embedded references within investigation notes.
  • Version History: Complete version tracking for all notes preserves edit history, enabling investigators to review the evolution of analytical thinking over time.
  • Classification and Tagging: Configurable classification schemes and tagging systems organise notes by investigation phase, topic, priority, and custom categories for efficient retrieval.
  • Access Controls: Role-based visibility controls manage note access at the investigation, team, and individual level, with support for restricted and privileged content categories.

Use Cases#

  • Investigation Documentation: Analysts document findings, observations, and analytical reasoning throughout the investigation lifecycle, creating a comprehensive record of investigative work product.
  • Team Knowledge Sharing: Collaborative notes enable investigation teams to share insights, coordinate analysis efforts, and build on each other's findings across shifts and geographic locations.
  • Decision Logging: Decision logs capture key investigation decisions with supporting rationale, enabling quality assurance reviews and regulatory examination documentation.
  • Evidence Annotation: Contextual annotations on evidence items, transactions, and entity profiles provide analytical commentary that enriches the investigation record.
  • Investigation Handoff: Comprehensive note histories enable seamless transitions when investigations transfer between analysts or teams, preserving institutional knowledge and analytical context.
  • Audit and Compliance: Complete, timestamped documentation of investigative activities satisfies regulatory requirements for investigation record-keeping and supervisory review.

Integration#

The Investigation Notes and Annotations module integrates with the platform's case management, evidence management, timeline tracking, and reporting systems. Notes appear contextually within investigation interfaces, evidence viewers, and graph visualisations. Search results include relevant notes alongside other investigation artifacts, and note content can be incorporated into investigation reports and regulatory filings through the reporting module.

Open Standards#

  • GraphQL (June 2018 Specification): all note and annotation create, read, update, and delete operations are exposed through a typed GraphQL API using Strawberry, with strongly-typed queries, mutations, and response wrappers.
  • OAuth 2.0 (RFC 6749) / JSON Web Tokens (RFC 7519): every note endpoint enforces bearer-token authentication; access tokens are RS256-signed JWTs validated by the IsAuthenticated permission class before any note data is returned or written.
  • CommonMark (Markdown specification): notes carry a markdown_enabled flag and the module explicitly supports rich Markdown rendering, including formatted text, tables, code blocks, and embedded references within investigation notes.
  • RFC 4122 (UUID): every note, annotation, and tag record is assigned a version 4 UUID as its primary identifier, ensuring globally unique, collision-resistant entity references.
  • ISO 8601: all note timestamps (created_at, updated_at) are stored as timezone-aware UTC datetimes and serialised to ISO 8601 format for API responses and audit records.
  • W3C SCXML / BPMN 2.0 (OMG): the investigation lifecycle state machine that governs note-bearing investigations is modelled against the W3C State Chart XML (SCXML) recommendation and BPMN 2.0, with immutable audit records written for every state transition.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.