Tuesday, May 28, 2013

Developing PRISM: The Journey from a Concept to Version 1

Due to the increasing usage of social media, it has become essential to collect open source information for investigations, intelligence, and legal proceedings. Federal agencies like the FBI and FEMA have begun to embrace the power of social media data for investigations, situational awareness, and disaster response. The NYPD launched its social media unit in 2011 and has since used social media data to identify murderers and gang activity and curtail juvenile crime. Similarly, both criminal and civil court cases have increasingly utilized social media data for eDiscovery. While the willingness to harness the power of social media data is growing, not every organization has access to the tools necessary to conduct thorough open source social media research and analysis. Our need for a more efficient social media research and analysis tool initiated the development of PRISM.

The Creation of PRISM

Before discussing the tool, it is important to understand CES as a company. CES is a professional firm which provides analytical, investigative, intelligence, and eDiscovery services to both the public and private sector. The primary focus of our business is fraud investigations. The company’s leadership and investigators come from a diverse array of intelligence and investigative backgrounds, including the FBI, DEA, OIG, NCIS, and federal and local law enforcement agencies. These individuals are a rich source of expertise on matters ranging from healthcare fraud to organized crime to computer and network forensics. To support their work, our analysts are trained experts in fusing together disparate data sources, such as public records, news media, and social media data. We combine this data to identify individuals, build networks, and monitor and track emerging and current threats using our data FUSION approach.


In order to provide our core services and enhance our data FUSION capabilities, CES President Carl Florez determined CES investigators and analysts needed a more efficient way to conduct open source research and analysis across various social media platforms. In July 2012, he assigned the task of developing a new tool to Project Manager and Legal Counsel Blake Haase. The goal was to create a tool which adhered to current legal standards and decreased the manual search time expended gathering open source social media data. After many rounds of testing and tool changes, the first version of PRISM was completed in March 2013.

PRISM V1.0

At the end of development, the result was PRISM V1.0. PRISM is an API-driven (Application Programming Interface) browser-based social media research and analysis tool. It allows investigators and analysts to search across 24 social media, blog-based, and news-based sites. PRISM decreases the labor-intensive processing time spent identifying social media profiles and relevant data sources. These custom search results can be saved for future use with an assigned hash value for authentication purposes. After individual social media account profiles are identified, usernames can be entered into the tool for an API-based profile search.

PRISM pulls publicly available API profile data from nine popular US social media sites. The API profile search quickly populates individual and organizational profiles with a wealth of data for filtering and analysis. These results are automatically saved with available metadata and are hashed for authentication. The available metadata information typically includes date, time, unique identification, and geo-location data. All of these results can be exported into three formats for additional analysis outside of the tool and for reporting purposes. Once these searches are saved in the system, analysts have the ability to compare connections between individuals, plot geo-location data, and obtain word counts.

The Future of PRISM

Currently, PRISM is used by CES’ investigators and analysts to provide services to our customers. Select law enforcement agencies are also testing the tool and providing valuable feedback for future development. Social media open source data has become an integral part of CES’ day-to-day and future operations. As the company expanded into the social media realm, we realized a need for continuous evaluation of social media sites, trends, and changes in data structures and laws. By being abreast of these trends, we can modify our data FUSION process and further develop PRISM.

In response to the rapidly changing social media landscape, CES is beginning the development of PRISM V2. It is our goal to enhance our work product by tweaking the tool to make it easier to use, adding new features to capture additional relevant data, and enhancing the tool’s built-in analytical capabilities. Throughout the development of V2, CES will be focused on creating a more comprehensive solution to meet the needs of our clients and testers.

Learning Together

The CES PRISM blog is the place where we share the newest developments in social media sites and tools, data analytics, eDiscovery, investigations, and intelligence. We will also share workflow tips and tricks, case studies, and the developmental progress of PRISM. Our goal is to open a dialogue with the community which allows all of us to learn together.

Have any ideas, questions, or comments? Drop us a line by contacting CES’ resident blogger, Melody Ross.

About CES PRISM Blog

My photo
The CES PRISM blog is the place where CES shares the newest developments in social media sites and tools, data analytics, eDiscovery, investigations, and intelligence. We will also share workflow tips and tricks, case studies, and the developmental progress of our open source social media research and analysis tool, PRISM. Our goal is to open a dialogue with the community which allows all of us to learn together.