In the fields of security, law enforcement, and intelligence, one impediment to knowledge discovery and situation awareness can be the sheer volume of textual data collected from various sources that must be processed. This problem can be especially challenging in the context of incident report analysis, such as the (manual and automated) text processing conducted by security, law enforcement, and intelligence agencies, which typically involves sifting through multiple databases for targeted information requirements, where each database maintains its own unique format.
In general, incident reporting is a document publication process that may be important to situation awareness, and which can be institutionalized in diverse domains. Typically, for each reported incident, the incident reporting process captures the incident's location, type, and other information necessary to evaluate an incident and to initiate an appropriate response, if desired. Depending on the domain of application, a report might also identify incident severity, participants, time, frequency, and manner of occurrence. Other items of relevance, such as charts, maps, and digital images may also be included. Information content is partially determined by standards and conventions that vary across domains and institutions. Moreover, some details may routinely appear in reports as free-form text formulated according to the author's apprehension of data, such as situational context, estimation of potential consequences, and anticipated means of resolution. Often, actionable information encoded in these free-form texts is largely or partially ignored by both human-powered and automated incident report analyses.
Institutionalized incident reporting is impractical without software support. Currently, the marketplace for incident report processing promotes standard data management features, such as easy-to-learn operations, protocol-based interoperability, and support for data collection, index-based searches, reports, and records management. State-of-the-art systems, such as, for example, Motorola's Infotrak Law Records Management System (LRMS), feature interoperability with the Federal Bureau of Investigation's reporting system, through which many law enforcement agencies report crime data. Alongside Motorola, others such as NibrSite, Niche Technology, Indico, and various governmental organizations promote more advanced features such as name-based search, email, photo lineups, computer-aided dispatch, and task management. Still other systems, for instance, are capable of ranking incident reports by relevance criteria gleaned in part from incident report texts. All such systems, however, are deficient in their ability to discover targeted information encoded and correlated in complex and non-linear ways within and across massive numbers of reported incidents.
Many large enterprises use standard authoring and data management software to process incident reports, with analytical services being implemented as key-based searches, attribute-based aggregation, and data sorts portraying relevance ranking. As with commercial software, in-house incident report analysis products typically constitute no more than a selection of incident reports from the available data. These selections may be presented to a human analyst who is left with the time-consuming and error-prone task of discovering how the selections satisfy information requirements at hand.
Human attentional and motivational constraints may also impede efficient discovery of information encoded and correlated in complex and non-linear ways within and across massive numbers of reported incidents, only some of which may expressly identify sequences of events and states of affairs denoting potential threats, the collective action of adversarial groups, or other items of interest. Thus, human involvement in the sorting process may result in an incomplete identification of useful sequences of events and states of affairs denoting potential threats contained within the totality of incident reports reviewed. Moreover, human sorting and collation of the incident reports may also fail to fully identify the collective action of adversarial groups, as well as other items of interest, contained in the incident reports. In addition, since the cost of manual intervention is so high and its result so uncertain, teams of domain specialists are usually required to support these knowledge workers to increase the general likelihood of success of the collective effort. In general, knowledge acquisition in unfamiliar domains can be expensive and time-consuming. Thus, institutions which analyze incident reports using conventional technologies alone may overlook key, actionable information, and may fail to achieve or sustain situation awareness.