What is Maltego?
Maltego is an interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet.
Maltego uses the idea of transforms to automate the process of querying different data sources. This information is then displayed on a node based graph suited for performing link analysis.
All three Maltego clients come with access to a library of standard transforms for the discovery of data from a wide range of public sources that are commonly used in online investigations and digital forensics.
Because Maltego can seamlessly integrate with nearly any data source many data vendors have chosen to use Maltego as a delivery platform for their data. This also means Maltego can be adapted to your own, unique requirements. Our current data partners can be found on the Transform Hub page linked to below.
What is Maltego CE?
Maltego CE is the community version of Maltego that is available for free after a quick online registration. Maltego CE includes most of the same functionality as the commercial version however it has some limitations. The main limitation with the community version is that the application cannot be used for commercial purposes and there is also a limitation on the maximum number of entities that can be returned from a single transform. In the community version of Maltego there is no graph export functionality that is available in the commercial versions.
What does Maltego do?
The focus of Maltego is analyzing real-world relationships between information that is publically accessible on the Internet. This includes footprinting Internet infrastructure as well as gathering information about the people and organisation who own it.
Maltego can be used to determine the relationships between the following entities:
- Email addresses.
- Groups of people (social networks).
- Web sites.
- Internet infrastructure such as:
- DNS names.
- IP addresses.
- Documents and files.
Connections between these pieces of information are found using open source intelligence (OSINT) techniques by querying sources such as DNS records, whois records, search engines, social networks, various online APIs and extracting meta data.
Maltego provides results in a wide range of graphical layouts that allow for clustering of information which makes seeing relationships instant and accurate – this makes it possible to see hidden connections even if they are three or four degrees of separation apart.
Maltego CE Features:
- The ability to perform link analysis on up to 10 000 entities on a single graph.
- The capability to return up to 12 entities per transform that is run.
- Includes collection nodes which automatically group entities together with common features allowing you to see passed the noise and find the key relationships you are looking for.
- Includes the ability to share graphs in real-time with multiple analysts in a single session.
- Graph export options include:
- Entity lists.
- Graph import options include:
- Tablular formats - csv, xlx and xlsx.
- Copy and paste.
- Maltego CE is easy and quick to install - it uses Java, so it runs on Windows, Mac and Linux.
- Hardware Requirements:
- A Maltego CE client requires at least 2GB of RAM, but the more the merrier as Maltego loves memory.
- Any modern multi-core processor will have more than enough processing power.
- 4GB of disk space should be more than enough.
- Using a mouse makes navigating Maltego graphs much easier and is definitely recommended.
- Network Requirements:
- A Maltego CE client requires Internet Access to operate fully.
- The client will need to make outgoing connections on the following ports: 80, 443, 8081. Additionally port 5222 is needed to join shared graphs on Paterva's public Comms server.
- Please note that a Maltego client may need to make connections on additional ports if the client is using transform from 3rd party transform vendors from the Transform Hub.
What can Maltego CE do for me?
Maltego can be used for the information gathering phase of all security related work. It will save you time and will allow you to work more accurately and smarter.
Maltego provides you with a much more powerful search, giving you smarter results. If access to "hidden" information determines your success, Maltego can help you discover it.
Maltego aids you in your thinking process by visually demonstrating interconnected links between searched items.