Transform Overview


Transforms should be thought of as tiny pieces of code that take one type of information to another. It is very important to write transforms in such a way that they are extensible (transforms can add on to others) and get the smallest pieces of information out rather than large blocks at a time. The reason we emphasize small pieces of information is that it means we can harness the power of Maltego's link analysis. Take the two images below for example (they merely show IP addresses as well as ports and banners):

   

The graph on the left has a whole layer less, whilst showing the same information. However using the graph on the right allows the analyst to quickly look at things like all services running on port 80. Doing the same on the graph on the left would however mean you would have to traverse up the tree to the IP addresses and then down again to the services giving you other services that are not running on port 80.

Differences between local and TDS transforms »