WHOIS

Definition

A query protocol that returns registration data for a domain, including registrant name, organisation, email, nameservers, and registration and expiry dates. Since ICANN's GDPR alignment policy took effect in 2018, much registrant contact data for .com and other gTLDs is redacted by default in public queries.

Related terms

A record
A DNS resource record that maps a domain name to an IPv4 address. The primary attribution record in most investigations. An AAAA...
Digital footprint
The cumulative set of data traces a person or entity leaves across internet-accessible sources, including domain registrations, social media posts, forum accounts,...
DNS tunnelling
Encoding data inside DNS queries and responses to exfiltrate information or carry command-and-control traffic through a network that permits DNS but blocks...
Domain generation algorithm (DGA)
Code embedded in malware that produces a large set of pseudo-random domain names on a scheduled basis. The malware tries each until...
Fast-flux
An evasion technique in which a domain's A records cycle through a large pool of IP addresses with very short TTL values....
Metadata
Data about data. In document forensics, metadata includes file-creation timestamps, last-modified dates, author fields, revision history, and embedded GPS coordinates in images....
OSINT
Open-Source Intelligence. Investigation using publicly available sources: social media, satellite imagery, news archives, public databases. In deepfake casework, OSINT corroborates or contradicts...
Passive collection
OSINT collection that queries third-party databases and archived sources without sending any traffic directly to the target's systems, avoiding any trace on...
Passive DNS
A historical database of DNS resolutions collected by sensors at recursive resolvers or network taps. Passive DNS shows which IP addresses a...
Sock puppet
A fictitious online identity created and controlled by an investigator to observe or interact with a target without revealing the investigation. The...

Explained in these topics

  • DNS and Domain Investigation: A query protocol that returns registration data for a domain, including registrant name, organisation, email, nameservers, and registration and expiry dates. S...
  • Web OSINT and Digital Footprint Analysis: A public query protocol that returns registration data for a domain name or IP address block, including registrant name, contact address, registrar, and regist...
