The Creation of PRISM
Before discussing the tool, it is important to understand CES as a company. CES is a professional firm which provides analytical, investigative, intelligence, and eDiscovery services to both the public and private sector. The primary focus of our business is fraud investigations. The company’s leadership and investigators come from a diverse array of intelligence and investigative backgrounds, including the FBI, DEA, OIG, NCIS, and federal and local law enforcement agencies. These individuals are a rich source of expertise on matters ranging from healthcare fraud to organized crime to computer and network forensics. To support their work, our analysts are trained experts in fusing together disparate data sources, such as public records, news media, and social media data. We combine this data to identify individuals, build networks, and monitor and track emerging and current threats using our data FUSION approach.
In order to provide our core services and enhance our data FUSION capabilities, CES President Carl Florez determined CES investigators and analysts needed a more efficient way to conduct open source research and analysis across various social media platforms. In July 2012, he assigned the task of developing a new tool to Project Manager and Legal Counsel Blake Haase. The goal was to create a tool which adhered to current legal standards and decreased the manual search time expended gathering open source social media data. After many rounds of testing and tool changes, the first version of PRISM was completed in March 2013.
At the end of development, the result was PRISM V1.0. PRISM is an API-driven (Application Programming Interface) browser-based social media research and analysis tool. It allows investigators and analysts to search across 24 social media, blog-based, and news-based sites. PRISM decreases the labor-intensive processing time spent identifying social media profiles and relevant data sources. These custom search results can be saved for future use with an assigned hash value for authentication purposes. After individual social media account profiles are identified, usernames can be entered into the tool for an API-based profile search.
PRISM pulls publicly available API profile data from nine popular US social media sites. The API profile search quickly populates individual and organizational profiles with a wealth of data for filtering and analysis. These results are automatically saved with available metadata and are hashed for authentication. The available metadata information typically includes date, time, unique identification, and geo-location data. All of these results can be exported into three formats for additional analysis outside of the tool and for reporting purposes. Once these searches are saved in the system, analysts have the ability to compare connections between individuals, plot geo-location data, and obtain word counts.
The Future of PRISM
Currently, PRISM is used by CES’ investigators and analysts to provide services to our customers. Select law enforcement agencies are also testing the tool and providing valuable feedback for future development. Social media open source data has become an integral part of CES’ day-to-day and future operations. As the company expanded into the social media realm, we realized a need for continuous evaluation of social media sites, trends, and changes in data structures and laws. By being abreast of these trends, we can modify our data FUSION process and further develop PRISM.
In response to the rapidly changing social media landscape, CES is beginning the development of PRISM V2. It is our goal to enhance our work product by tweaking the tool to make it easier to use, adding new features to capture additional relevant data, and enhancing the tool’s built-in analytical capabilities. Throughout the development of V2, CES will be focused on creating a more comprehensive solution to meet the needs of our clients and testers.
The CES PRISM blog is the place where we share the newest developments in social media sites and tools, data analytics, eDiscovery, investigations, and intelligence. We will also share workflow tips and tricks, case studies, and the developmental progress of PRISM. Our goal is to open a dialogue with the community which allows all of us to learn together.
Have any ideas, questions, or comments? Drop us a line by contacting CES’ resident blogger, Melody Ross.