Conducting Surface Web-Based Research with Maltego Carbon

Shalin Hai-Jew, Author

"Machines" and "Transforms"

Maltego Carbon enables two general categories of searches: "machines" and "transforms." A "transform" is a unit of code that takes one entity (a domain, an email address, a phrase, and so on) and returns related entities of other types, thus extending the value of the extracted information. A "machine" is a scripted sequence of transforms that runs automatically to perform a targeted data extraction from the Web and Internet, feeding the output of one transform into the next.
 
Types of “Machines”


(Note: The figure shows a "Tweet Analyzer" machine, which extracts trending messages from Twitter for a search term. A built-in sentiment analyzer indicates whether the tone of the conversation is positive, negative, or neutral; this analyzer uses the Alchemy API. The output also shows why search terms need disambiguation: in this example, "race" refers both to the social construct and to horse "races.")

To provide an overview, there are ten different types of "machines":

Company Stalker: acquires email addresses at a domain and checks which of those addresses are tied to social network accounts. It also collects documents from the domain and extracts the metadata from those documents.
Find Wikipedia Edits: takes a Wikipedia article as its starting point and analyzes the edits applied to that article.
Footprint L1, L2, and L3: "footprint" a domain at increasing depth, extracting information about the technical infrastructure behind it (DNS names, name servers, mail servers, netblocks, and so on). L1 is a fast footprint, L2 a mid-sized one, and L3 the most thorough; the L3 footprint also captures the "built with" technologies used to build the domain's websites.
Person - Email Address: searches the Internet to see where a person's email addresses are used.
Prune Leaf Entities: helps filter a graph by deleting its leaf entities (nodes at the edge of the graph with no further links).
Tweet Analyzer: searches for a keyword, phrase, or #hashtag trending on Twitter; a built-in sentiment analyzer (based on the Alchemy API) suggests whether the trending conversations are positive, negative, or neutral.
Twitter Digger: uses a phrase or name as a Twitter alias to capture information about that Twitter account and related information on the Internet.
Twitter Geo Location: uses multiple methods to try to geolocate (connect online data to a physical location on Earth) the person / group / entity (or robot, or sensor) behind a Twitter account.
Twitter Monitor: designed to monitor "Twitter for hashtags, and named entities mentioned around a certain phrase." (There does seem to be a problem with OAuth authorization for this particular feature.)
URL to Network and Domain Information: links a URL to the network and domain information behind it.

Oftentimes, a "machine" on its own yields an incomplete picture. Meaningful results usually require running a number of additional "transforms" on the entities the machine produces.

Types of “Transforms”

"Transforms" are the means by which one type of information (an email address, phone number, URL, photo, document, phrase, name, location, and such) is turned into related information of other types. This capability enables a kind of data mining through the repeated substitution of one type of information for another. Transforms are most often run by right-clicking an entity that a "machine" has placed in the main graph pane; a dropdown menu then offers the transforms available for that entity type.

Another approach starts with a single entity as a "seed" and runs transforms on that seed. For this, it helps to begin with the Component Palette on the left side of the graph pane, from which an entity of the desired type can be dragged onto the graph. (As with the other window elements, the palette may be "floated," that is, set to be free-floating and movable, or docked to any side of the rectangular workspace.)

The general categories of entities in the Component Palette, and therefore of the Maltego "transforms" that act on them, are as follows.

Devices: device
Infrastructure: AS, DNS name, domain, IPv4 address, MX record, NS record, Netblock, URL, website
Locations: circular area, GPS coordinates, location
Penetration testing: BuiltWith technology
Personal: alias, document, email address, image, person, phone number, phrase, sentiment
Social network: Facebook object, Twit (a tweet), affiliation-Facebook, affiliation-Twitter, and hashtag




The finer points of each of these are beyond the purview of this page. The success of a data extraction will also vary, because every transform depends on an external source: the service it queries must be reachable, and any application programming interface (API) it uses must be properly authorized. There are still some challenges with properly authorizing the APIs of some social media platforms, for example.
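As an added illustration of the machine / transform distinction described above (this is example code written for this page, not code from the author or from Paterva's Maltego), the Python below implements two minimal local transforms in the form Maltego invokes them (the entity value as the first argument, any additional fields as key=value pairs joined by "#" as the second, and a MaltegoTransformResponseMessage XML document on stdout) and then chains them into a small footprint-style "machine." The domain names, DNS records and IP addresses come from a constructed table so that the script runs offline; the entity type names (maltego.Domain, maltego.DNSName, maltego.MXRecord, maltego.NSRecord, maltego.IPv4Address) are Maltego's standard ones.

```python
"""Minimal Maltego-style local transforms and a "machine" that chains them.

Added example, not from the page or from Maltego. Real transforms query live
DNS and web services; here the answers come from a constructed table so the
script runs offline. Every name and address below is made up.
"""
import sys
import xml.etree.ElementTree as ET

# Constructed sample data standing in for live DNS answers.
SAMPLE_DNS = {
    "example.test": {
        "maltego.DNSName": ["www.example.test", "mail.example.test"],
        "maltego.MXRecord": ["mail.example.test"],
        "maltego.NSRecord": ["ns1.example.test"],
    },
}
SAMPLE_A_RECORDS = {
    "www.example.test": ["192.0.2.10"],
    "mail.example.test": ["192.0.2.25"],
    "ns1.example.test": ["192.0.2.53"],
}


def parse_local_args(argv):
    """Maltego passes a local transform the entity value as argv[1] and any
    additional fields as argv[2] in the form key=value#key=value."""
    value = argv[1] if len(argv) > 1 else ""
    fields = {}
    if len(argv) > 2 and argv[2]:
        for pair in argv[2].split("#"):
            key, _, val = pair.partition("=")
            fields[key] = val
    return value, fields


def domain_to_dns(domain):
    """Transform: maltego.Domain -> DNS name, MX and NS entities."""
    out = []
    for etype, values in SAMPLE_DNS.get(domain, {}).items():
        out.extend((etype, v) for v in values)
    return out


def dnsname_to_ip(name):
    """Transform: a hostname entity (DNS name, MX or NS host) -> maltego.IPv4Address."""
    return [("maltego.IPv4Address", ip) for ip in SAMPLE_A_RECORDS.get(name, [])]


def run_machine(domain):
    """A "machine" in the page's sense: a scripted sequence of transforms.
    Footprint-style: domain -> hostnames -> addresses, with duplicates removed
    so a host rediscovered by a second transform does not become a second node."""
    seen = set()
    entities = []
    for etype, value in domain_to_dns(domain):
        if (etype, value) not in seen:
            seen.add((etype, value))
            entities.append((etype, value))
        for ip_type, ip in dnsname_to_ip(value):
            if (ip_type, ip) not in seen:
                seen.add((ip_type, ip))
                entities.append((ip_type, ip))
    return entities


def to_maltego_xml(entities, note=None):
    """Serialize entities as the MaltegoTransformResponseMessage a local
    transform writes to stdout. ElementTree escapes the values, so a hostile
    DNS record containing '<' or '&' cannot inject extra entities or markup."""
    msg = ET.Element("MaltegoMessage")
    resp = ET.SubElement(msg, "MaltegoTransformResponseMessage")
    ents = ET.SubElement(resp, "Entities")
    for etype, value in entities:
        ent = ET.SubElement(ents, "Entity", Type=etype)
        ET.SubElement(ent, "Value").text = value
        ET.SubElement(ent, "Weight").text = "100"
    if note:
        ui = ET.SubElement(resp, "UIMessages")
        ET.SubElement(ui, "UIMessage", MessageType="Inform").text = note
    return ET.tostring(msg, encoding="unicode")


if __name__ == "__main__":
    seed, _fields = parse_local_args(sys.argv)
    print(to_maltego_xml(run_machine(seed), note=f"footprint of {seed}"))
```

Run as `python footprint.py example.test` to see the XML Maltego would read back into the graph. Two design points matter in practice: the response is built with ElementTree rather than string formatting, because Maltego parses the transform's stdout as XML and a record under an attacker's control (a hostile DNS answer, a scraped web page) would otherwise be able to break the response or smuggle in entities; and the machine deduplicates as it goes, which is what keeps a footprint graph from growing a fresh node every time a later transform rediscovers a host the earlier one already found.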

Data Forms

The data is collected as an “Entity List” in a table (which is exportable).  The data is also viewable as a node-link graph—in 2D or a kind of dynamic and simulated 3D (in the Bubble View).  The entities may be viewed in a number of structured or semi-structured formats in the main graph pane.  




Some actual graphs and other visualizations are shown below. The following visualizations were all created in Maltego from one dataset. 




