Modern investigations: It’s not like the movies


I’ve always loved watching crime series or films – from Homeland and True Detective to Sherlock Holmes. But after years of building software products and solutions designed to help security and law enforcement agencies solve crimes, I've noticed there are several clichés that need to be conquered by technology.

178981038-300x200.jpgNo. 1: Stumbling across the vital clue at just the right moment

It’s guaranteed to happen – the lead investigator is toiling in a seemingly unsolvable crime, the stakes are rising, and suddenly they stumble across a clue (a phone call, email, trace DNA or a sudden memory of a previous investigation) which helps them crack the case.

In reality, the likelihood of this happening is minute. A single person can have tens of thousands of phone call or email records. And to trawl through such volumes of data is simply not an option, especially with available human resources constantly being squeezed. Instead, data volumes which could take a person hundreds of years to look through can be analysed, filtered and acted upon in seconds by a computer.

Modern investigations require technology that helps summarise data, automatically find connections, and search large corpus of data so that any hunches can be acted on immediately.

No. 2: The investigation room wall covered with maps, timelines, string and drawing pins

Another favourite in the movies: The investigation/war room wall which documents all the known information, potential theories, maps of crime locations and timelines of events.

Any major incident room around the world will look like this, however, is this fit to meet modern policing’s needs?

The wall size is finite for a start, making it impossible to display or store all the data and working theories. Trying out a new hypothesis is time-consuming because everything needs to come off the walls only to go back up in different order. Furthermore, investigators are limited by geography – only those who can easily access the investigation room can see the walls.

Modern investigations require virtual walls where investigators can test out multiple theories and easily plot results on maps and timelines. They need to be able to filter or add to these results, and cross reference lists with other results.

The physical wall has always been a great way to tell the story of the investigation. But now virtual walls are needed, so the ability to document any and all insights within the software is key. All the intelligence that's been nurtured through the investigation from raw data needs to be interactive in real time, and shareable with other investigators -- regardless of geography.

No. 3: It doesn’t have to start with a crime scene

The movies always start with either the crime in action, or the police arriving at the crime scene. Ok,  I’ll admit that it wouldn't make for great movies, but, ideally, an investigation shouldn’t have to start with a crime being committed. Proactive policing is key in detecting and preventing threats before they happen. All too often, serious crimes happen after a series of escalating events – events that are almost impossible to detect and prevent without software.

Historic and real-time data can show trends of escalating factors which can be used to prevent crimes from occurring, allowing agencies to influence events preventing potential tragedies. Customizable surveillance strategies need to be able to be run against large data volumes in real time to detect potential threats -- and to alert and task the relevant parties.

Goodbye, Hollywood crime movies?

With the right software and a good investigation team the aforementioned clichés can all be the thing of the past. I love the drama, so I’m willing for Hollywood to continue portraying investigations as they do, but the real world needs to modernise, and quickly.

The basic approaches of investigators remain the same, but the tooling required to perform investigations has changed dramatically over the last ten years. And the need to proactively detect and prevent incidents is increasing.

SAS Visual Investigator combines analytics with investigative workflows, giving investigators the platform they need to do their job at the speed the public demands, and with the scale of data modern life creates. Check out this fact sheet to learn more and take a look at this article: Big data -- The gold mine of investigative policing.


About Author

Rory MacKenzie

Senior Software Development Manager

Rory MacKenzie is a Senior Software Development Manager at SAS leading up the team based in Scotland working on SAS Visual Investigator. Rory's experience has been around building Intelligence Management software and end to end Law Enforcement Solutions. Rory graduated the University of Strathclyde with a MEng Computer Science (with Distinction).


  1. Sundaresh Sankaran on

    Hey Rory,

    This made for enjoyable and thought provoking reading. Thank you!

    As one of the champions in SAS for law enforcement in a different region, I know we are different in terms of what Hollywood shows (and btw is actual police work like the movies???? :)). I would love suggestions from a different angle.... How does analytics have to evolve to tackle ground realities at the police end? For example, we analysts demand ALL data before making a decision. But we know that is tough in reality - data for the police comes at odd intervals, without warning and in different forms,... informers in tea café types. How should analysts orient their solutions to dealing with this reality? I'ld love to have that answer.

  2. Krzysztof Szczurowski on

    Hey Rory, I just come across this read. Absolutely fantastic, thank you,
    No. 3 is almost border lining with Minority Report (adaptation of 1990 Philip K.Dick novel by Steven Spielberg).
    Although, in the movie we are 37 years from now, but with the current technology and application development progress it looks like we just might be there sooner 🙂

Back to Top