Course Glossary
© Online Operations Ltd 2019 v1.1
DNS (Domain Name System)
Domain names
EXIF data
IP address
MAC address
Metadata
MX
Volatile data
WHOIS
Works like a phone book, well, sort of!
DNS translates a domain name to an IP address for easy addressing of the service or device on the network or Internet
DNS is a service you get automatically from your ISP
There are also dedicated DNS services that can be used in place of your ISP's DNS
www.onlineops.co.uk
A domain name locates an organisation or other entity on the Internet
A domain name will usually be connected to an IP address, which may be identified with a WHOIS search
Services are hosted on a domain, such as WWW, email or FTP:
Exif data is metadata in digital images.
Exif stands for Exchangeable Image File
The correct designation is Exif not EXIF
Internet Protocol Address
An IP Address provides a numeric location on a network, including the Internet
An IP Address belongs to someone and is allocated to a country
Fixed (Static) or Dynamic
Public or Private (Routable or Non Routable)
217.160.0.193 (version 4 IP Address)
2001:8d8:100f:f000::222 (version 6 IP Address)
To find the registrant (owner) of an IP Address, use a WHOIS tool to search it, such as https://www.centralops.net
Media Access Control Address
Unique address provided by a device to a network, to identify itself on the network
Devices may have several MAC addresses (Wi-Fi, Bluetooth, Ethernet – each will have a different MAC address)
MAC addresses are left as a trace on router / network logs when a device joins a network
MAC addresses can be searched to find the manufacturer of the network connection device
Can be spoofed / faked using free tools
Potentially links a device to a network
Metadata is data about data
Can include author, time/date, device name or device type
It may have been removed or edited
Useful evidence and intelligence
Simple to locate, in documents, email headers and digital images
May need to be produced forensically if used in a prosecution as evidence
Mail Exchange (MX)
MX Records in WHOIS data show the current email service provider for a domain
Useful source of evidence and intelligence
Mail servers retain logs and records, including mail sender IP addresses
Can be technical – may need expert help
May be difficult to obtain MX data because of legal constraints
Worldwide open source database of domain names and IP addresses
May contain details of registrars – the companies that registered a domain or IP address on behalf of a registrant (owner)
May contain registrants (owners) of IP addresses and country of allocation
May contain registrants (owners) of domain names, but this may have been redacted under GDPR
Contains MX records and hosting companies of domains
https://www.centralops.net
Volatile Data
Volatile data is data that is lost when a device is powered off;
Data that can easily be written over;
Data that can be easily damaged;
Includes data on home routers (logs), RAM and device caches
Volatile data should be captured quickly (on scene) where possible, to prevent it being lost