Diamond Model of Intrusion Analysis

A
Adversary (1-10)
Identity, intent, and attribution confidence. Named in testimony, documented in flight logs, identified by victims. How clearly can the adversary be attributed?
C
Capability (1-10)
Tools, resources, and methods available. Presidential power, sovereign wealth, intelligence tradecraft, legal weaponization, financial reach.
I
Infrastructure (1-10)
Systems, properties, accounts used for operations. Physical locations, shell companies, bank accounts, model agencies, scheduling systems.
V
Victim (1-10)
Number and severity of documented victims. Direct depositions, named in testimony, settlement agreements, victim impact statements.
Source: Caltagirone, Pendergast & Betz, "The Diamond Model of Intrusion Analysis" (2013). Originally designed for cyber intrusion analysis; adapted here to map the Epstein network as a multi-domain intrusion operation. Centrality = sum of 4 vertices (/40), measuring each node's structural importance in the network. All scores derived from 398K+ DOJ EFTA documents, court filings, and depositions.

Framework Comparison: Diamond Model vs CARVER

Diamond Model (This Page)

Intrusion-centric. Maps relationships between adversary, capability, infrastructure, and victim for each node. Designed by Caltagirone et al. for cyber threat intelligence. Applied here to model the Epstein network as a coordinated intrusion operation where each node has a measurable role across all four vertices.

4 vertices Scale 1-10 Centrality /40

CARVER Matrix

Target-centric. Evaluates Criticality, Accessibility, Recuperability, Vulnerability, Effect, and Recognizability. Originally a military targeting methodology (Special Forces). Applied to identify which network nodes represent the highest-value targets for investigation and prosecution.

6 dimensions Scale 1-5 Total /30