According to police statistics from the National Police Agency, the number of cyber crimes is increasing from 110,000 in 2014 to 230,000 in 2020, and cyber crimes such as messenger phishing, body scam, and money laundering using virtual currency are expected to continue to evolve and increase. Accordingly, investigative agencies such as the police have increased the need to quickly and effectively detect and block criminal signs on the internet by analyzing the relationship between various types of data(investigation clues). As a result of a survey of police cybercrime investigators, it was confirmed that investigators needed a system that could pre-process various types of data, analyze the relationship between investigative information, and share national investigative information. However, the Cyber Crime Intelligence System (CCIS), currently used by the National Office of Investigation, is equipped with only basic network analysis and visualization functions, limiting the detection and analysis of rapidly changing cyber threat signs. Therefore, this study introduced a methodology that can detect and analyze cybercrime early using the principle of social network analysis. In particular, among the centrality principles, the PageRank model, the link betweenness centrality-based community model, and the structural equivalence principle were presented. In addition, similarity analysis through conversion of the two-mode network to the one-mode network was proposed, and a scenario in which the SNA model could be applied sequentially for each investigation stage was also proposed. In addition, for the effective analysis of various and vast investigative information, the necessity of analyzing and managing the database-based investigative information big data correlation was also emphasized.