ARP cache

Definition

A table held in memory that maps IP addresses to hardware (MAC) addresses for recently contacted hosts on the local network. ARP cache entries reveal which hosts a system has communicated with recently and can expose lateral movement paths not recorded in firewall logs.

Related terms

DNS resolver cache
A temporary store of DNS query results held by the operating system. Entries reveal which domain names a host has recently resolved,...
Live response
The process of collecting evidence and triage data from a running system without first powering it down. Preserves volatile artefacts that would...
Order of volatility
The sequence in which digital evidence should be collected, ranked from most to least transient. Defined in RFC 3227. CPU registers and...
Process tree
A structured representation of running processes showing each process alongside its parent. Malware frequently spawns command shells or other processes from unexpected...
Trusted response kit
A portable collection of statically compiled, cryptographically verified forensic tools stored on write-protected media. Used during live response to avoid executing potentially...

Explained in

  • Live Network State and Process Capture