Results from a 2-week proof of concept: four suspects in minutes

A leading law enforcement agency came to us with a familiar challenge: investigations bottlenecked by huge volumes of data, fragmented across too many systems. Vital questions took too long to answer, and complex ones could rarely be answered at all.

Telco records, Automatic Number Plate Recognition (ANPR) reads, citizen registries, case files, intelligence reports – their problem wasn’t the data itself, it was the tools. Analysts would spend days running complex queries across multiple systems, slowing investigations and delaying action as they pieced together fragments in search of connections.

They needed a way to unify their data in a single view of truth and to answer complex questions. The market is crowded with tools promising this, but which could actually deliver?

Together, we launched a structured two-week PoC – a guided, collaborative process to prove the value of graph-powered intelligence analysis with real data and workflows.

The challenge: could graph-powered intelligence analysis accelerate real investigations?

GraphAware Hume is a graph-powered intelligence analysis platform purpose-built for mission-critical investigations. On paper, it met all the requirements: robust data ingestion, a unified knowledge graph, intuitive visual analysis, and compliance with all the required security and data policies. 

With the Agency, we agreed to prove the adoption process and answer one question: could a graph-powered approach speed up investigations?

Stage 1: Understanding the analysts

Before touching the data, we needed to understand the needs and realities of the users – their investigative workflows, bottlenecks and constraints. 

The result was examples of questions they struggled to answer with their existing tools, like:

• Do these three burglaries have anything in common?
• Can we link these individuals to the same location at a specific time?
• Is this suspect’s phone connected to a vehicle flagged in another investigation?

Exactly the type of multi-source, multi-hop question the graph model is designed to answer.

Stage 2: Defining the analyst workflow

Next, we needed to understand how analysts set about finding answers, and settled on a common investigation workflow:

1. Detect: can a graph identify persons of interest?
2. Track: can it show analysts where they were, and when?
3. Correlate: can it identify connections to other people, places or events?

At each stage, we would measure whether graph technology could outperform existing methods in both speed and impact before moving on. 

Stage 3: building a prototype knowledge graph

With the key questions defined, we set about creating a connected model to answer them. We wanted to create a prototype that mirrored real investigations, including data like:

• Cell tower dumps, SIM ownership records, IMSI/IMEI identifiers
• ANPR camera reads and vehicle sightings
• Citizen and criminal records, incident reports, and unstructured case files

Together with the Agency’s analysts, we ran focused data modelling workshops to define a clear structure, or schema, for the knowledge graph. We agreed on how people, phones, vehicles, and locations should be represented and linked, with every modelling decision, such as whether a phone call should be stored as an entity or a relationship, validated against real investigative questions.

The result was a clear, operationally grounded schema capable of showing movement, associations, communication, and cross-case links in a single view. 

Stage 4: Connecting the data

Next, we needed to bring the data into a single, connected view of truth. Using Hume Orchestra – the platform’s data orchestration engine – we connected directly to the Agency’s siloed sources, including spreadsheets, relational databases, and unstructured files like PDFs. 

This step focused on making the data consistent, linkable and analysis-ready. Orchestra pipelines were set up to normalise data, extract entities, and perform entity resolution and data enrichment. We geocoded addresses to precise GPS coordinates and parsed unstructured narrative reports to extract people, places, vehicles, and other entities.

All decisions were made collaboratively with the Agency’s technical team to ensure the approach respected security requirements and operational needs. The result was a unified view of 175 million entities and relationships, seamlessly integrated and ready for the analysts to explore in Hume.

Stage 5: Analyst-driven iteration

With the data ingested, analysts could now explore it.

To make the tool immediately usable, GraphAware configured Hume with intuitive Actions. These one-click operations allow analysts to run pre-defined queries and answer complex questions, without needing to learn the Cypher query language. This removed the learning curve and meant analysts could immediately start analysing real scenarios, like:

• Identify all phones that pinged selected towers within a set timeframe
• Trace a vehicle’s movements and see its links to known suspects
• Show all entities related to a specific SIM card or address

Role-based access security ensured sensitive information was protected, but still available to authorised users.  

As analysts explored the graph, they shared feedback that shaped the PoC itself. The team added new Actions to streamline workflows, applied visual changes to improve data clarity, and identified additional datasets to enhance investigations. 

This iterative approach meant the PoC evolved in real time, becoming more aligned to the Agency’s needs as testing progressed. For the analysts, it meant one tool for all data, connected, normalised, and ready to explore without the bottlenecks.

The results: cutting queries from hours to seconds

By the end of the two-week PoC, the Agency had a working demonstration of what graph-powered intelligence analysis could achieve. Analysts could answer complex, cross-source questions in seconds, uncovering links that previously took days or weeks of manual effort.

There was an unexpected achievement too: the graph could surface “unknown unknowns”, like new suspects, affiliations, and cross-case connections, that analysts didn’t set out to look for. With their single view of truth, analysis wasn’t just faster, it was also more effective.

“Previously, connecting ANPR camera data, cell tower dumps, and ownership records took days of manual work. With Hume, we selected towers and times, and within seconds got four suspects—one linked to a car involved in another ongoing crime. It was an instant ‘aha!’ moment.”

The PoC didn’t simply demonstrate the value of graph intelligence; it showed a fundamentally new way to conduct investigations, and ultimately led to the full production roll-out of GraphAware Hume across the Agency.