National Software Reference Library

National Software Reference Library
Abbreviation	NSRL
Type	GO
Parent organization	NIST
Website	http://www.nsrl.nist.gov/

The National Software Reference Library (NSRL), is a project of the National Institute of Standards and Technology (NIST) which maintains a repository of known software, file profiles and file signatures for use by law enforcement and other organizations involved with computer forensic investigations. The project is supported by the United States Department of Justice's National Institute of Justice, the Federal Bureau of Investigation (FBI), Defense Computer Forensics Laboratory (DCFL), the U.S. Customs Service, software vendors, and state and local law enforcement.^[1] It also provides a research environment for computational analysis of large sets of files.^[2]

Components[edit]

The NSRL is made up of three major elements:^[3]

A large physical collection of commercial software packages (e.g., operating systems, off-the-shelf application software);
A database containing detailed information, or metadata, about each file that makes up each of those software packages;
A smaller public dataset containing the most widely used metadata for each file in the collection that is published and updated quarterly. This is called the Reference Data Set.

Reference Data Set[edit]

The NSRL collects software from various sources and computes message digests, or cryptographic hash values, from them. The digests are stored in the Reference Data Set (RDS) which can be used to identify "known" files on digital media. This will help alleviate much of the effort involved in determining which files are important as evidence on computers or file systems that have been seized as part of criminal investigations.^[3] Although the RDS hashset contains some malicious software (such as steganography and hacking tools) it does not contain illicit material (e.g. indecent images).

The collection of original software media is maintained in order to provide repeatability of the calculated hash values, ensuring admissibility of this data in court.

In 2004 the NSRL released a set of hashes for verifying eVoting software, as part of the US Election Assistance Commission's Electronic Voting Security Strategy.^[4]

As of October 1, 2013 the Reference Data Set is at version 2.42 and contains over 33.9 million unique hash values. The data set is available at no cost to the public.^[5]

In addition to operating system and application software, the library has also collected numerous popular video game titles to be used both as part of data forensics, as well as partially to serve as video game preservation.^[6]

References[edit]

^ "NIST Special Database 28 (RDS)". National Software Reference Library (NSRL). National Institute of Standards and Technology. 27 August 2010. Retrieved 7 April 2012.
^ White, Doug; Owens, Trevor (May 4, 2012). "Life-Saving: The National Software Reference Library". The Signal: The Library of Congress Digital Preservation Blog. The Library of Congress. Retrieved 16 January 2016.
^ ^a ^b Steve Mead (September 2006). "Unique file identification in the National Software Reference Library" (PDF). Digital Investigation. 3 (3): 138–150. doi:10.1016/j.diin.2006.08.010. ISSN 1742-2876. S2CID 17079984.
^ Verton, Dan (November 2004). "Feds Issue Test Copies of E-voting Software". Computer World. Retrieved 1 September 2010.
^ "RDS Readme.txt". Archived from the original on 6 November 2013. Retrieved 1 October 2013.
^ Valentine, Rebekah (September 10, 2018). "NIST adds gaming software to National Software Reference Library". GamesIndustry.biz. Retrieved September 10, 2018.

External links[edit]

Official website

[NSRL-RDS-1] "NIST Special Database 28 (RDS)". National Software Reference Library (NSRL). National Institute of Standards and Technology. 27 August 2010. Retrieved 7 April 2012.

[2] White, Doug; Owens, Trevor (May 4, 2012). "Life-Saving: The National Software Reference Library". The Signal: The Library of Congress Digital Preservation Blog. The Library of Congress. Retrieved 16 January 2016.

[mead-3] Steve Mead (September 2006). "Unique file identification in the National Software Reference Library" (PDF). Digital Investigation. 3 (3): 138–150. doi:10.1016/j.diin.2006.08.010. ISSN 1742-2876. S2CID 17079984.

[cw-4] Verton, Dan (November 2004). "Feds Issue Test Copies of E-voting Software". Computer World. Retrieved 1 September 2010.

[readme-5] "RDS Readme.txt". Archived from the original on 6 November 2013. Retrieved 1 October 2013.

[6] Valentine, Rebekah (September 10, 2018). "NIST adds gaming software to National Software Reference Library". GamesIndustry.biz. Retrieved September 10, 2018.

[1]

[2]

[3]

[4]

[5]

[6]

v t e Digital forensics
Branches	Computer forensics Mobile device forensics Network forensics Database forensics Software forensics
Hardware	Forensic disk controller
Software	ADF Solutions Digital Evidence Investigator EnCase Foremost FTK PTK Forensics The Sleuth Kit The Coroner's Toolkit COFEE HashKeeper Xplico
Certification	Certified Forensic Computer Examiner (CFCE) Global Information Assurance Certification
Processes	Digital forensic process Data acquisition Digital evidence eDiscovery Anti–computer forensics
Organisations	National Software Reference Library Department of Defense Cyber Crime Center National Hi-Tech Crime Unit (NHTCU) Australian High Tech Crime Centre (AHTCC)
People	Mary Aiken Annie Antón Rebecca Bace Josh Brunty Eoghan Casey Hany Farid Simson Garfinkel Clifford Stoll Robert Zeidman
Glossary of digital forensics terms

Components[edit]

Reference Data Set[edit]

See also[edit]

References[edit]

External links[edit]