Investigating DNS Abuse/Misuse for Law Enforcement Agents
This workshop exposes agents to strategies, techniques and tools that infosec professionals use to identify abuses of the Domain Name System (DNS), malicious registrations of domain names, addresses or hosting. Through a combination of lecture, demonstration, and hands-on exercises, attendees will learn how to collect information that will be needed to further investigate criminal activity.
Who should attend
This is a capability program aimed at officers/agents who are familiar with Internet applications but relatively new to “protocols”, and who will be investigating cybercrime. Some of the topics covered will be useful to more senior technical officers/agents, but it is _not_ a host forensics or deep traffic analysis course.
Nature of program
We look at a methodology for gathering information related to Internet crimes that is particular to domain names and Internet addressing. This is best delivered with live demonstrations and hands-on training over a 5-7 hour time span. The goal is to share a methodology for collecting information that is needed to investigate a crime and that is also commonly needed for the preparation of court orders. This program is not deeply technical, but it is fast-paced: we cover lots of concepts in a day.
Identifier Systems (Domain names and Internet addresses)
- Ecosystems (who runs the DNS?)
- Challenges of distinguishing criminal from legitimate use of DNS
- Accessing DNS, domain registration, and IP addressing related information
- Dealing with domain seizures
- Tools to collect DNS, address and registration data
- Tools to locate and look at hosting sites and hosted data
- Reputation and OSINT aggregation tools
- Examples and use cases throughout the course
- Hands-on (where laptops or devices are available)
An additional “level setting” module covers name and addressing basics. This typically adds 30-45 minutes to the program. We provide the presentation materials for this in advance so that attendees have the basic understanding to find the course useful.