System and method for sharing investigation results
First Claim
1. A computer-implemented method, comprising:
- selecting a subset of data objects from a base copy for use with a first investigation;
creating a first instance of graph state information based on the subset of data objects included in the base copy and including a graph having nodes representing the subset of data objects and edges representing relationships between the subset of data objects;
causing, based on the first instance of graph state information, a visualization of the first instance of graph state information in association with the first investigation;
receiving first input to modify information associated with at least one data object of the subset of data objects;
receiving information that identifies a set of targets that are allowed to assist in the first investigation, and in response, determining a common access control level for the set of targets;
automatically creating a second instance of graph state information based on the first instance of the graph state information and based on the common access control level for the set of targets;
before allowing the set of targets to access the second instance of graph state information, causing a visualization of the second instance of graph state information;
receiving an acceptance of the visualization of the second instance of graph state information, and in response, publishing the second instance of graph state information to a graph repository and then allowing the set of targets access to the published second instance of graph state information.
7 Assignments
0 Petitions
Accused Products
Abstract
A computer-based investigative analysis system is disclosed in which a user can share results of an investigation with other users in a way that allows the sharing user to visualize how the results will be shared before they are shared. The results are shared in the form of a visual graph having nodes, edges, and other presentation elements. The nodes represent data objects that are the subject of the investigation and the edges represent connections between the data objects. The graph is shared in the form of an automatically generated redacted graph omitting nodes, edges, and presentation elements for which the other users do not have permission to view. Before sharing the graph, the sharing user is presented with a visualization of the automatically generated redacted graph providing the user an opportunity to confirm that sharing the redacted graph will not constitute an unauthorized information leakage.
-
Citations
20 Claims
-
1. A computer-implemented method, comprising:
-
selecting a subset of data objects from a base copy for use with a first investigation; creating a first instance of graph state information based on the subset of data objects included in the base copy and including a graph having nodes representing the subset of data objects and edges representing relationships between the subset of data objects; causing, based on the first instance of graph state information, a visualization of the first instance of graph state information in association with the first investigation; receiving first input to modify information associated with at least one data object of the subset of data objects; receiving information that identifies a set of targets that are allowed to assist in the first investigation, and in response, determining a common access control level for the set of targets; automatically creating a second instance of graph state information based on the first instance of the graph state information and based on the common access control level for the set of targets; before allowing the set of targets to access the second instance of graph state information, causing a visualization of the second instance of graph state information; receiving an acceptance of the visualization of the second instance of graph state information, and in response, publishing the second instance of graph state information to a graph repository and then allowing the set of targets access to the published second instance of graph state information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A computer system, comprising one or more processors and one or more non-transitory data storage media coupled to the one or more processors and storing sequences of instructions which when executed by the one or more processors cause performing:
-
selecting a subset of data objects from a base copy for use with a first investigation; creating a first instance of graph state information based on the subset of data objects included in the base copy and including a graph having nodes representing the subset of data objects and edges representing relationships between the subset of data objects; causing, based on the first instance of graph state information, a visualization of the first instance of graph state information in association with the first investigation; receiving first input to modify information associated with at least one data object of the subset of data objects; receiving information that identifies a set of targets that are allowed to assist in the first investigation, and in response, determining a common access control level for the set of targets; automatically creating a second instance of graph state information based on the first instance of the graph state information and based on the common access control level for the set of targets; before allowing the set of targets to access the second instance of graph state information, causing a visualization of the second instance of graph state information; receiving an acceptance of the visualization of the second instance of graph state information, and in response, publishing the second instance of graph state information to a graph repository and then allowing the set of targets access to the published second instance of graph state information. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification