Course Glossary

© Online Operations Ltd 2019 v1.1

Course Glossary

DNS (Domain Name System)

Domain names

EXIF data

IP address

MAC address

Meta data

MX

Volatile data

WHOIS

Works like a phone book, well sort of !

DNS translates a domain name to an IP

address for easy addressing of the service or

device on the network or Internet

DNS is a service you get automatically from ISP

There are also dedicated DNS services that can be

used in place of you ISP‘s DNS

www.onlineops.co.uk

jon@onlineops.co.uk

ftp@onlineops.co.uk

A domain name locates an organisationor other entity on the Internet

A domain name will usually beconnected to an IP address, which maybe identified with a WHOIS search

Services are hosted on a domain, suchWWW, email or FTP:

Exif data is metadata in digital images.

Exif stands for Exchangeable Image File

The correct designation is Exif not EXIF

An IP Address provides a numeric location on a network, including the Internet

An IP Addresses belongs to someone and is allocated to a country

Fixed (Static) or Dynamic

Public or Private(Routable or Non Routable)

217.160.0.193 (version 4 IP Address)

2001:8d8:100f:f000::222(version 6 IP Address)

To find the registrant (owner) of an IP Address, use a WHOIS tool to search it, such as https://www.cenralops.net

Internet Protocol Address

Media Access Control Address

Unique address provided by a device to a network, to identify itself on the network

Devices may have several MAC addresses (Wi-Fi, Bluetooth, Ethernet – each will have a different MAC address)

MAC addresses are left as a trace on router / network logs when a device joins a network

MAC addresses can be searched to find the manufacturer of the network connection device

Can be spoofed / faked using free tools

Potentially links a device to a network

Metadata is data about data

Can include, author, time/date, device name or device type

It have been removed or edited

Useful evidence and Intelligence

Simple to locate, in documents, email headers and digital images

May need to be produced forensically if used in a prosecution as evidence

Mail Exchange (MX)

MX Records in WHOIS data shows the current email service provider for a domain

Useful source of evidence and intelligence

Mail servers retain logs and records, including mail sender IP addresses

Can be technical – may need expert help

May be difficult to obtain MX data because of legal constraints

Worldwide open source database domain names and IP addresses

May contain details of registrars –the companies that registered a domain or IP address on behalf of a registrant (owner)

May contain registrants (owners) of IP addresses and country of allocation

May contains registrants (owners) of domain names, but this may have been redacted under GDPR

Contains MX records and hosting companies of domains

https://www.centralops.net

Volatile data is data that is lost when a device is powered off;

Data that can easily be written over;

Data that can be easily damaged;

Includes data on home routers (logs), RAM and device caches

Volatile data should be captured quickly (on scene) where possible, to prevent it being lost

Volatile Data