Neo4j acquires GraphAware. Learn more about this exciting new chapter.

Intelligence analysis

What is Intelligence Analysis?

Intelligence analysis is the process of collecting, evaluating and interpreting information to produce assessments that support operational and strategic decision-making.

Rather than simply gathering data, intelligence analysis helps organisations understand what that data means, how different it relates, how it fits into a specific situation, environment, or question, and what actions should be taken as a result.

The goal is not to eliminate uncertainty, but to reduce it by producing timely, evidence-based assessments that decision makers can trust.

Although intelligence analysis is used in many sectors, this article focuses on the disciplines where it is most commonly applied within the public sector, including law enforcement, national security, defence, and financial crime.

Data, information and intelligence

Although these terms are often used interchangeably, they really describe different stages of the analytical process.

  • Data is raw, unprocessed facts, such as names, phone numbers, financial transactions or location records.
  • Information is data that has been organised or given context.
  • Intelligence is the outcome of analysis. It combines information from multiple sources, evaluates its reliability, considers alternative explanations, and presents findings that support decision-making.

For example, a single phone record is data. A series of connected phone records may become information. Understanding that those communications reveal coordination between members of an organised crime group is intelligence.

Who does intelligence analysis, and why?

Intelligence analysis is usually performed by intelligence analysts. These are professionals who specialise in evaluating and interpreting information to produce intelligence assessments.

These assessments, often called intelligence outputs or intelligence products, are shared with investigators, operational teams and decision-makers to help them understand threats, assess risk and determine the most appropriate course of action.

While dedicated intelligence analysts are the primary practitioners, intelligence analysis is not limited to this role. Investigators, detectives, fraud and risk analysts, financial investigators, cyber analysts and other operational personnel often perform intelligence analysis as part of their wider responsibilities.

Regardless of the practitioner, intelligence analysis exists to help people make better decisions in situations where information is incomplete, fragmented or constantly changing.

Its objectives typically include:

  • Understanding current situations by combining information from multiple sources.
  • Identifying relationships, patterns and trends that would otherwise remain hidden.
  • Assessing threats, risks and opportunities.
  • Supporting operational and strategic decision-making.
  • Anticipating future developments to enable proactive action rather than reactive response.

For intelligence analysts, success is typically measured by the quality of their intelligence products, rather than the volume.

What does high-quality intelligence analysis look like?

Quality intelligence analysis is timely, relevant, explainable and grounded in the best available information.

Analysts need to consider the relevant data, assess its reliability, identify meaningful relationships and present their findings in a way that operational teams and decision-makers can understand and act on.

Good intelligence products should make clear:

  • what is known
  • what is uncertain
  • which sources have been used
  • how different pieces of information are connected
  • what the assessment means for the people who need to act on it

This is where graph-powered intelligence analysis approaches can be particularly useful. By modelling people, organisations, locations, events, communications and assets as connected entities, a graph helps analysts see how information relates across different sources and systems.

It also makes intelligence easier to explain, and data lineage transparent. Rather than presenting findings as isolated records or static tables, analysts can show the network of relationships behind an assessment, trace conclusions back to the underlying data, and preserve the provenance of the information used.

The intelligence lifecycle

Although every organisation has its own processes, most intelligence work follows a common pattern known as the intelligence lifecycle.

  • Direction, or planning – defining the intelligence requirement or operational question.
  • Collection – gathering information from relevant sources.
  • Processing – cleaning, enriching and organising data into a usable form.
  • Analysis – identifying patterns, testing hypotheses and producing assessments.
  • Dissemination – communicating findings through intelligence products such as reports, briefings or visualisations.
  • Feedback, or evaluation – assessing outcomes and refining future intelligence requirements.

The feedback loop at the final stage makes this process a complete lifecycle, with each rotation improving the quality of the intelligence output.

The stages themselves are rarely linear. Analysts continually revisit earlier stages as new information becomes available or investigations develop.

Modern intelligence analysis platforms such as GraphAware Hume support multiple stages of this lifecycle, helping organisations integrate data from many different systems, analyse complex relationships, collaborate on investigations, and communicate findings more effectively.

Common intelligence sources

Modern intelligence analysis relies on information collected from many different sources. No single source provides a complete picture, so analysts combine multiple forms of intelligence to build confidence in their assessments.

Most intelligence teams also work extensively with internal organisational data, including case management systems, crime records, intelligence reports, financial transactions, communications data, border crossings and watchlists.

Common intelligence sources include:

Open-source intelligence (OSINT) – information gathered from publicly available sources such as news websites, government publications, company records and social media.

Human intelligence (HUMINT) – information obtained from people, including witnesses, informants, confidential sources and interviews.

Signals intelligence (SIGINT) – communications intelligence derived from intercepted phone calls, radio transmissions, emails and other electronic communications.

Social media intelligence (SOCMINT) – the collection and analysis of publicly available social media content to understand behaviour, identify emerging events and support investigations.

Bringing these disparate sources together as a single view of intelligence is often one of the biggest challenges facing modern intelligence teams.

Core intelligence analysis techniques

Intelligence analysis combines critical thinking with structured analytical techniques to produce objective, evidence-based assessments. Some of the most widely used techniques include:

Link analysis

Link analysis, sometimes called graph visualisation or network visualisation, explores the relationships between people, organisations, assets, locations and events. Rather than analysing records in isolation, analysts examine how entities connect across a wider network.

This approach is particularly valuable when investigating organised crime, fraud, terrorism and other complex threats where important relationships are not immediately obvious.

Timeline analysis

Visualising events over time helps analysts understand sequences of activity, identify significant changes and establish cause-and-effect relationships.

Geospatial analysis

Mapping information geographically can reveal hotspots, movement patterns, operational routes and geographical relationships that may not be visible in tabular data.

Entity resolution

People, organisations and assets often appear multiple times across different systems under different names or identifiers. Entity resolution helps analysts determine which records refer to the same real-world entity while preserving the provenance of the original data.

Where is intelligence analysis used?

While the principles remain consistent, intelligence analysis is applied across a range of operational environments.

Law enforcement

Law enforcement agencies use intelligence analysis to identify criminal networks, prioritise investigations, understand offending patterns and support operational policing.

National security

National security organisations use intelligence analysis to understand hostile actors, protect critical infrastructure, monitor emerging threats and support strategic decision-making.

Tax, revenue and financial crime

Revenue authorities and financial crime teams analyse complex financial relationships to detect tax evasion, money laundering, sanctions breaches and other forms of financial crime.

Intelligence analysis tools

Modern intelligence analysis depends on a combination of technologies rather than a single application.

Common categories include:

GraphAware Hume combines many of these capabilities within a single intelligence analysis platform. Built on the Neo4j graph database, it helps analysts integrate fragmented data, explore complex networks, collaborate on investigations and generate explainable intelligence products while maintaining the provenance of the underlying information.

Rather than replacing the analyst, GraphAware Hume is designed to support human judgement by making connected information easier to discover, explore and understand.