Website Investigations in a Post-GDPR World – 2019 OSMOSIS Session Topic

Joshua Hopping

Since the adoption of the EU’s General Data Protection Regulation (GDPR) in May 2018 and subsequent Whois rulings by ICANN, locating valid personal data for website owners or operators has become increasingly tough. This session seeks to teach investigators how to make connections between multiple websites in order to uncover website ownership. Topics covered include using analytics and affiliate tracking codes, DNS records (e.g. IP address, SOA email, display and actual nameservers), Whois records (current and historical), site content (current and historical), and social media research.

Learning Objectives:

  • Understand how to locate registrant information for websites with proxied or hidden Whois records
  • Learn various OSINT methods of connecting websites along with a list of tools and resources to help with website investigations
  • Gain a deeper understanding of the relationship between registrants, registrars, registries, and ISPs