Forensic investigations are often fueled by domain and DNS research. However, in order to harness the power of domain-based investigations, it’s imperative to understand the anatomy of domains.
There are four types of top-level domains (TLDs): Commercial, Sponsored, country code (ccTLD), and new gTLDs. At this point, there are over 1000 TLDs in existence, and this number continues to grow.
There are 5 Regional Internet Registries (RIRs) that manage IP address locations, Whois records, and ASN assignments. The RIRs can also sub-allocate to National Internet Registries (NIRs). The RIRs and NIRs then sub-allocate or delegate to Local Internet Registries (LIRs), which tend to be ISPs, enterprises, or academic institutions.
Hopefully these brief definitions and descriptions about the origin of key domain information will help empower your security team to investigate potential threat actors and infrastructure...