Forensic Ninja

From Visual Analytics for Business Intelligence
Jump to navigation Jump to search
GroupLogo.png

PROPOSAL

POSTER

APPLICATION

REPORT

Problem and Motivation

Benford’s Law has been widely used by forensic data analysts to detect anomalies or possible fraudulent activities in an organisation. However, in the world of information, majority of the data are textual fields. For example, in an accounts payable, 70% of the data are textual data whereas only 10% of the data are numerical fields (Lanza, 2016).


Furthermore, fraudsters tend to work in groups rather than relying on their own. In 2015, 62 percent of fraudsters colluded with others (KPMG International, 2016). As 74 percent of the fraud is perpetrated by internal staff or a collusion between internal staff and external parties (KPMG International, 2016), this highlights the need for complex tools for fraud examiners to not only analyse available textual data of the firm but also visualise the interactivity among employees of an organisation.


As email is one of the preferred modes of business communication in an organisation, analysing emails can help to uncover any potential red flags in the organisation structure or culture. By using GAStech organisation email exchanges as a case study, we seek to analyse the connectivity and frequently discussed topics among employees of an organisation.

Objectives

In this project, we seek to build an interactive visualisation application that helps users to analyse connectivity and frequently discussed topics among employees of an organisation. This allows users to better visualise the organisation structure and interactivity among the employees that might suggest potential wrongdoings.


By using GAStech organisation email exchanges as a case study, the application aims to help users the following:

  • Understand GAStech organisational structure
  • Analyse frequently discussed topics among GAStech employees

Data Source

The dataset that will be used in this project can be retrieved from VAST Challenge 2014.
It mainly consists of GAStech employee records and email headers from two weeks of internal GAStech company email.

References to Related Work

Screenshots What we can learn

Parallel Coordinates of Employee Characteristics Forensic Ninja ParallelVizTianjin.png
Source:Link.Write-up:Link

  • Use of parallel coordinates to visualise common characteristics among employees
  • Some of the common characteristics observed are the employees who went to military service together, which military branch they were in and how they obtained their citizenship
  • However, the visualisation can be further improved by utilising more charts in the application and making it less wordy
Visualization of social network formed from 60,000 emails from personal archive
Forensic NinjaChord Diagram.PNG
Source:Link
  • Use of chord diagram to better visualise the connectivity among senders and recipients
  • Use of time filter at the bottom to visualise how the connectivity has changed over time
  • However, one colour of different intensity should be used instead of using different colours to represent the number of email exchanges between two parties since only positive numbers are observed in the dataset
Thinkers’ perspectives with regards to topics discussed
Forensic Ninja Concept Map.png
Source:Link
  • Use of concept map to better visualise a thinker’s perspective based on topics discussed
  • Appropriate highlighting when the user hover over the list of names in the middle of the diagram
  • Use of appropriate animation and filters to allow users to further analyse the characteristics of the person that they are interested in
  • However, user friendliness can be further improved by providing a clear and more convenient way for users to get back to the initial concept map after analysing a certain thinker
ASTRI Entry for VAST2014 MC1
Forensic Ninja ConnectionsBetweenPOKandGasTech.jpg
Source:Link

This displays the potential connection between GASTech Company and POK, a revolutionary force. This form of (Social Networks) Graph Visualisation can display how the two separate organisations are connected, and may shed light on how the kidnapping of the employees took place.


Storyboard

Potential End Product Description
Forensic Ninja ConnectionsBetweenPOKandGasTech.jpg ASTRI Entry for VAST2014 MC1.

Source: Link

This displays the potential connection between GASTech Company and POK, a revolutionary force. This form of (Social Networks) Graph Visualisation can display how the two separate organisations are connected, and may shed light on how the kidnapping of the employees took place.

Forensic Ninja VAST2014MC1EntrybyASTRO.jpgKBSI VAST2014 MC1 Entry Source:Link

This is the timeline for the events occurring on 20 January 2014 based from key words from the email headers and news articles. For our project, this can be done for specifically the email headers. Features such as a date slider can narrow down specific dates. The size of the words represent the frequency of the words mentioned in the emails. The timeline is in chronological order of when the email was sent.

Key Technical Challenges

1. Merging of Two Different Datasets
We will be working on two datasets, namely Employee Records and Email Headers. There is a need to have a connection created between the two databases so that it can be used effectively and simultaneously. A possible solution to this would be to link the two databases by using the Email address information column that is both available in the two databases.

2. Unfamiliarity with Programming Language
The final deliverable of this project requires us to publish our visualisations using D3.js which involve javascript coding, D3 library, HTML and CSS. Our group has started learning these programming languages and library recently. As our group members are from non-coding background, there is a steep learning curve. To bridge the gap between the expectations of the project and our programming ability, we will be looking into the published D3 visualizations code and learn best practices from these visualisations. This allow us to better understand the logic of the code and be able to use it to make our visualisations more interactive and meaningful to the end user.

3. Topic Modelling
In this dataset, it consists of large volume of unlabelled email headers. Different words are used even though they have similar meaning and theme. Thus, one of the first few steps of data preparation is to automatically classify the email headers into different themes. Due to our group’s unfamiliarity with programming language, we will be utilising commercial off the shelf tools such as JMP to help us in Topic Modelling instead of using Python.

Project Schedule

Forensic Ninja Timeline.PNG

References

  1. KPMG International. (2016). Global profiles of the fraudster: Technology enables and weak controls fuel the fraud. Retrieved from: https://assets.kpmg.com/content/dam/kpmg/pdf/2016/05/profiles-of-the-fraudster.pdf
  2. Lanza, R. B. (2016, March). Blazing a trail for the Benford' s Law of words, part 1. Retrieved from: http://www.fraud-magazine.com/article.aspx?id=4294991850

Our Team

Group 13
1. Lim Hui Ting
2. Jonathan Eduard Chua Lim

Comments