As Dr. Hank Brightman, Director of Applied Research and Analysis at the United States Naval War College, says in Today’s White Collar Crime, “Computers afford criminals a wide range of tools to engage in everything from credit card fraud to blackmail and espionage.”1 However, so much of digital forensics, for good reason, is particularly focused on actual computers and not as much on the global network. Computer crime, as it is, moved off the desktop a long time ago. Illicit traffic and crime can be wholly conducted without a home computer, that is, over the Internet from changing locations, making the investigator’s preoccupation with seizing hard disk data only one piece of the puzzle. A new discipline in Internet forensics is emerging with a variety of opportunities and pitfalls. WHOIS is an enormous part of this endeavor, but in this author’s experience, otherwise competent investigators are oblivious to the depth of WHOIS.

Domains are simply another criminal tool, a platform for launching attacks, deceiving consumers, and collecting money. In Crimeware: Understanding New Attacks and Defenses by Markus Jakobsson and Zulfikar Ramzan, the authors lay out a multitude of ways by which domain names can be used in cybercrime but cite specific cases emerging around the 2008 US presidential election. An explosion of domain speculation, cybersquatting, campaign fund phishing, and other abuses occurred during one of the most competitive national elections ...
