The flow of traffic among computers on the Internet and the exchange of goods between countries are examples of causally connected measurable events in a network. Understanding the behavior of such networks often requires the ability to discover temporal connections among the events in a large data set. One challenge is that the volume of data makes it difficult to explore the data and organize the events into a narrative sequence. This dissertation contributes new interactive visualization techniques for analyzing, organizing, and presenting network event data at multiple levels of detail for the purpose of forensic analysis - tracking down causal sequences of importance.

The first contribution is a technique that supports event analysis, called progressive multiples. Our techniques are instantiated in a system for network incident investigation, Isis, which we validated with a long-term collaboration and deployment with the principal network analyst of the EE and CS departments. The second contribution is a technique for automatically generating flow maps, which present summaries of network topology and behavior at a higher level than event plots and timelines. Our technique has been adopted by a diverse group of users to depict the flow of computer networks, documents, and international ecological trade.