Link analysis is an investigative technique for discovering and visualizing connections between people, organizations, locations, events, and other entities. By mapping these relationships visually, investigators can uncover patterns and connections that would be invisible in documents, spreadsheets, or databases.

This guide covers link analysis fundamentals, techniques, and tools for investigators, analysts, and researchers.

What is Link Analysis?

Link analysis examines relationships between entities to discover:

  • Direct connections - Who knows whom? Who worked where?
  • Indirect connections - How are two seemingly unrelated people connected through intermediaries?
  • Patterns - What relationships repeat? What structures emerge?
  • Anomalies - What connections are unexpected or suspicious?
  • Key players - Who sits at the center of the network?

The output is typically a visual network diagram showing entities as nodes and relationships as links (edges) between them.

Who Uses Link Analysis?

Law Enforcement

Criminal investigations use link analysis to map criminal networks, trace communication patterns, connect suspects to crimes, and identify associates.

Financial Investigators

Fraud detection, money laundering investigations, and compliance teams use link analysis to trace transaction flows, identify shell companies, and uncover hidden ownership structures.

Intelligence Analysts

National security and corporate intelligence teams map organizational structures, influence networks, and communication patterns.

Corporate Investigators

Internal investigations, due diligence, and compliance teams map employee relationships, vendor connections, and potential conflicts of interest.

Journalists

Investigative journalists use link analysis to map sources, trace document provenance, and visualize complex stories involving multiple actors.

Consultants and Analysts

Management consultants and business analysts map stakeholder relationships, organizational structures, and influence networks within client organizations.

Link Analysis Techniques

1. Entity Extraction

The first step is identifying entities from your source materials:

  • People - Names, aliases, roles
  • Organizations - Companies, departments, groups
  • Locations - Addresses, cities, venues
  • Events - Meetings, transactions, incidents
  • Objects - Vehicles, accounts, documents
  • Communications - Calls, emails, messages

2. Relationship Identification

For each pair of entities, determine if and how they're related:

  • Employment - works for, manages, reports to
  • Ownership - owns, controls, has stake in
  • Family - married to, parent of, sibling of
  • Association - knows, met with, communicated with
  • Transaction - paid, received from, transferred to
  • Location - visited, lives at, works at

3. Network Construction

Build the visual network by:

  • Creating a node for each entity
  • Drawing links between related entities
  • Labeling links with relationship types
  • Adding attributes (dates, confidence levels, sources)

4. Network Analysis

Analyze the network structure to find insights:

  • Centrality - Which nodes have the most connections?
  • Clusters - Which nodes group together?
  • Bridges - Which nodes connect different clusters?
  • Paths - How are distant nodes connected?
  • Gaps - Where are connections missing or unclear?

Link Analysis Best Practices

Start with a Clear Question

What are you trying to discover? "How is Person A connected to Company B?" is more actionable than "Map everything about this case." Clear questions focus your analysis.

Document Your Sources

Every link in your network should trace back to a source. "Per phone records, 3/15" or "Interview with witness, Exhibit 4." Source documentation is essential for credibility and follow-up.

Mark Confidence Levels

Not all connections are equally certain:

  • Confirmed - Documentary evidence or direct observation
  • Suspected - Multiple indicators or reliable sources
  • Uncertain - Single source or inference

Include Temporal Information

Relationships change over time. Note when relationships existed, when events occurred, and how the network evolved. Past connections may be as important as current ones.

Look for What's Missing

Absence of expected connections can be as revealing as their presence. Why don't these two people seem connected? Why is there no communication during this period?

Iterate and Refine

Link analysis is iterative. As you discover new information, update the network. As patterns emerge, dig deeper. The first version is never the final version.

Common Link Analysis Patterns

Hub and Spoke

One central entity connects to many others, but those others don't connect to each other. Common in hierarchical organizations or when one person is a key intermediary.

Clusters

Groups of tightly connected entities with fewer connections to other groups. May indicate teams, factions, or separate operations.

Chains

Linear sequences of connections. Common in transaction flows or communication chains where information or money passes through intermediaries.

Triangles

Three entities all connected to each other. Strong triangles often indicate close relationships or collaboration.

Brokers

Entities that connect otherwise separate clusters. Brokers often have disproportionate influence because they control information flow between groups.

Link Analysis Software

Several categories of tools support link analysis:

Purpose-Built Investigation Tools

  • Redstrings - Visual investigation boards with relationship mapping, local-first privacy
  • i2 Analyst's Notebook - Enterprise investigation platform, expensive
  • Maltego - OSINT-focused, technical learning curve

General Network Visualization

  • Gephi - Open source, powerful but complex
  • yEd - Free graph editor
  • Kumu - Web-based network mapping

Key Features to Look For

  • Easy node and link creation
  • Labeled relationships (not just lines)
  • Entity categorization (people, orgs, places)
  • Search and filter capabilities
  • Privacy (local storage for sensitive investigations)

Why Redstrings for Link Analysis?

Redstrings is built for visual investigation and relationship mapping:

  • Entity types - Person, Team, Artifact, Process, Place, Event, Note
  • Labeled connections - Every link has a relationship type
  • Confidence levels - Mark connections as confirmed, suspected, uncertain
  • Source tracking - Document where each connection came from
  • 100% local - Sensitive investigation data stays on your machine
  • Visual investigation board - See the full network at a glance

Unlike complex enterprise tools, Redstrings is designed to be intuitive. Create nodes, draw connections, and start seeing patterns immediately.

Download Redstrings free and start your link analysis.