The next two chapters will cover three specific topics: WHOIS, Certificate Transparency, and the Internet archive (aka the Wayback Machine). The three tools used together will be an extremely powerful investigation tool in your arsenal. This chapter focuses on the power of WHOIS data.

This chapter will provide background information on WHOIS, what it is, and why it is important, and will also look at the different services that provide WHOIS data, as well as different techniques that can be used to query and uncover historical WHOIS records.

WHOIS

WHOIS data can contain a lot of useful attribution information regarding the owner of a domain if you are able to access it.

The WHOIS protocol is used to query databases containing all sorts of publicly available information on Internet resources, including domain names and IP addresses. It was derived from the earlier Name/Finger Protocol, the same protocol behind the ARPANET NICNAME server, which was part of ARPANET, the precursor to the Internet.

The WHOIS protocol is used to query a wide network of WHOIS servers for any information on the domains behind the billions of websites around the world (collectively known as WHOIS data). Tons of services and tools are available for querying WHOIS records, which can typically return information on a domain's registrant, admin, technical, and billing contacts.

Over the years, domain registration added a layer of privacy (for a fee), making it much more difficult to determine ...