
Where Can I Find Forensic Clues About Internet Domain Name Registrants?

June 11, 2012 | Comments: 0 | Views: 147

The following explains some of the terms used in Internet forensics, and suggests where relevant clues about a domain name may be hiding:

"IP Address"

Every computer on the Internet has a unique address - just like a telephone number or street address - which is a rather long and complicated string of numbers. It is called its "IP address" (IP stands for "Internet Protocol"). IP addresses are hard to remember, so the Domain Name System makes using the Internet far easier for humans by allowing words in the form of a "domain name" to be used instead of the arcane, numerical IP address. So instead of typing, you can just type that IP address's domain name, and you are then directed to the website connected to that domain name.

It is possible to "geolocate" an IP address by using a variety of free services available on the Internet. Geolocation is the practice of determining the physical, real world location of a person or computer using digital information processed and collected on the Internet.

Geolocation can offer the city, ZIP code or region from which a person is connecting or has connected to the World Wide Web by using their device's IP address, or that of a nearby wireless access point, such as those offered by coffee shops or Internet cafes.

Determining the country of an Internet user based on his or her IP address is relatively simple and accurate (95%-99%) because a country is required information when an IP range is allocated and IP registrars supply that information.

Determining the specific physical location of an IP Address down to a city or ZIP code, however, is a little more difficult and slightly less accurate because there is no official source for the information. Further, users sometimes share IP addresses and Internet service providers often base IP addresses.

Even when not accurate, though, geolocation can place users in a bordering or nearby city, which may be good enough for the investigation.

Internet Corporation for Assigned Names and Numbers (ICANN)

The Internet Corporation for Assigned Names and Numbers (ICANN) is an internationally organized, non-profit corporation that has the ultimate responsibility for Internet Protocol address space allocation, generic (gTLD) and country code (ccTLD) Top Level Domain name system management, and root server system management functions. As a private-public partnership, ICANN is dedicated to preserving the operational stability of the Internet; to promoting healthy and lawful competition; to achieving broad representation of global Internet communities; and to developing policies to foster these goals.


Registrants

Registrants are individuals or entities who register unique domain names through Internet Registrars. The Registrant is required to enter a registration contract with his Registrar, which sets forth the terms under which the registration is accepted and will be maintained. The Registrant's data is ultimately recorded in a number of locations: with the Registry, the Registrar, and, if applicable, with his webhosting provider.


Registrars

Domain names are registered by individual Registrants through many different companies known as Internet "Registrars." GoDaddy, for example, is a major ICANN-accredited Registrar. There are currently approximately 430 accredited Internet Registrars. A complete listing of accredited Registrars is in the ICANN Accredited Registrar Directory. A Registrar asks individuals, or "Registrants", for various contact and technical information that makes up the official registration record. The Registrar maintains detailed records of the Registrant's contact information and submits the information to a central directory known as the "Registry." The Registry provides other computers on the Internet the information necessary to send the Registrant e-mail or to find the Registrant's Website on the Internet.


Registry

The Registry is the authoritative, master database of all domain names registered in each Top Level Domain. The Registry operator keeps the master database and also generates the "Zone File" which allows computers to route Internet traffic to and from Top Level Domains (TLDs) anywhere in the world. Internet users don't interact directly with the Registry; users can register names in TLDs by using an ICANN-Accredited Registrar (see above). Two of the largest Registries are Verisign (with authority TLDs, among others), and the Public Interest Registry ("PIR")(with authority TLD's).

Top Level Domain (TLD)

Top Level Domains (TLDs) are the names at the top of the DNS naming hierarchy. They appear in domain names as the string of letters following the last (rightmost) ".", such as "net" in "". The administrator for a TLD controls what second-level names are recognized in that TLD. The administrators of the "root domain" or "Root Zone" control what TLDs are recognized by the DNS. Generally speaking, two types of TLDs exist: generic TLDs (such,.net,.edu) and country code TLDs (such,.de,


Whois

All domain name Registries operate a "Whois" server for the purpose of providing information about all the Internet domain names registered with them. In a Shared Registry System, where most information about a domain name is held by separate individual Registrars, the Registry's Whois server provides a referral to the Registrar's own Whois server, which provides more complete information about the domain name. The Whois service contains Registrant, administrative, billing and technical contact information provided by Registrars for domain name registrations.

By collecting and analyzing the Whois data, the Registry data, the Registrar data, and other bits and pieces of data about any websites associated with the domain name(s) you are interested in, a forensic investigator can often reconstruct a Registrant's identity, location and other contact information (e-mail, etc.).
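
The Registry-to-Registrar referral described above can be followed programmatically. The following is an added example, not part of the original article: it asks the Registry's Whois server, follows the referral to the Registrar's Whois server, and groups the contact fields by role. The field labels (`Registrar WHOIS Server`, `Registrant Email` and so on), the hostnames and the sample replies are constructed assumptions; real Whois servers vary in the labels they use.

```python
import re
import socket

# Constructed sample replies; example.test and every contact value are placeholders.
REGISTRY_REPLY = ("   Domain Name: EXAMPLE.TEST\n"
                  "   Registrar WHOIS Server: whois.registrar.example\n"
                  ">>> Last update of whois database: 2012-06-11T00:00:00Z <<<\n")
REGISTRAR_REPLY = ("Registrant Email: jdoe@mail.example\n"
                   "Admin Email: jdoe@mail.example\n"
                   "Tech Email: support@hosting.example\n")
ROLES = ("registrant", "admin", "tech", "billing")
HOSTNAME = re.compile(r"(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}")

def parse_whois(text):
    """Parse 'Key: value' lines into {lowercased key: first value seen}."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and value.strip() and not key.startswith((">>>", "%", "#")):
            record.setdefault(key.strip().lower(), value.strip())
    return record

def referral_server(registry_record):
    """Return the Registrar's Whois host named by the Registry, or None."""
    host = registry_record.get("registrar whois server", "").lower()
    # Accept only a plain hostname so a malformed reply cannot steer the next query.
    return host if HOSTNAME.fullmatch(host) else None

def contact_summary(record):
    """Group 'Registrant Email'-style fields by contact role."""
    summary = {}
    for key, value in record.items():
        role, _, field = key.partition(" ")
        if role in ROLES and field:
            summary.setdefault(role, {})[field] = value
    return summary

def query_whois(server, domain, timeout=10):
    """Send one Whois query (TCP port 43, RFC 3912) and return the reply text."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(domain.encode("ascii") + b"\r\n")
        reply = b"".join(iter(lambda: sock.recv(4096), b""))
    return reply.decode("utf-8", errors="replace")

def lookup(domain, registry_server, query=query_whois):
    """Ask the Registry, follow its referral, summarise the Registrar's record."""
    server = referral_server(parse_whois(query(registry_server, domain)))
    if server is None:
        return {"referral": None, "contacts": {}}
    return {"referral": server, "contacts": contact_summary(parse_whois(query(server, domain)))}
```

The `query` parameter lets the two-step lookup be exercised against the constructed replies without any network access; with the default it performs real port-43 queries.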

Joseph C. Gioconda, Esq. is an experienced Intellectual Property attorney and consultant, and the founder of the GIOCONDA LAW GROUP PLLC (, a New York City-based brand protection and anti-counterfeiting law firm. He is also the CEO of RogueFinder LLC ( which finds and targets "rogue websites."

Source: EzineArticles