National Software Reference Library

National Software Reference Library

Discussion
Ask a question about 'National Software Reference Library'
Start a new discussion about 'National Software Reference Library'
Answer questions from other users
Full Discussion Forum
 
Encyclopedia
The National Software Reference Library (NSRL), a project of the National Institute of Standards and Technology
National Institute of Standards and Technology
The National Institute of Standards and Technology , known between 1901 and 1988 as the National Bureau of Standards , is a measurement standards laboratory, otherwise known as a National Metrological Institute , which is a non-regulatory agency of the United States Department of Commerce...

, is supported by the United States Department of Justice
United States Department of Justice
The United States Department of Justice , is the United States federal executive department responsible for the enforcement of the law and administration of justice, equivalent to the justice or interior ministries of other countries.The Department is led by the Attorney General, who is nominated...

's National Institute of Justice
National Institute of Justice
The National Institute of Justice is the research, development and evaluation agency of the United States Department of Justice. NIJ, along with the Bureau of Justice Statistics , Bureau of Justice Assistance , Office of Juvenile Justice and Delinquency Prevention , Office for Victims of Crime ,...

, federal, state, and local law enforcement, and the National Institute of Standards and Technology
National Institute of Standards and Technology
The National Institute of Standards and Technology , known between 1901 and 1988 as the National Bureau of Standards , is a measurement standards laboratory, otherwise known as a National Metrological Institute , which is a non-regulatory agency of the United States Department of Commerce...

. The group maintains a Reference Data Set of known software hashes.

In 2004 the NRSL released a set of hashes for verifying eVoting software, as part of the US Election Assistance Commission
Election Assistance Commission
The Election Assistance Commission is an independent agency of the United States government created by the Help America Vote Act of 2002 . The Commission serves as a national clearinghouse and resource of information regarding election administration...

's Electronic Voting Security Strategy.

Reference Data Set


The NSRL collects software from various sources and computes message digests from them. The digests are stored in the Reference Data Set (RDS) which can be used to identify "known" files on digital media. This will help alleviate much of the effort involved in determining which files are important as evidence
Evidence
Evidence in its broadest sense includes everything that is used to determine or demonstrate the truth of an assertion. Giving or procuring evidence is the process of using those things that are either presumed to be true, or were themselves proven via evidence, to demonstrate an assertion's truth...

 on computers or file systems that have been seized as part of criminal investigations. Although the RDS hashset contains some malicious software (such as steganography
Steganography
Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity...

 and hacking
Hacker (computer security)
In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...

 tools) it does not contain illicit material (e.g. indecent images).

NIST maintains a collection of original software media in order to provide repeatability of the calculated hash values, ensuring admissibility of this data in court
Court
A court is a form of tribunal, often a governmental institution, with the authority to adjudicate legal disputes between parties and carry out the administration of justice in civil, criminal, and administrative matters in accordance with the rule of law...

.

As of June 1 2010 the Reference Data Set is at version 2.29 and contains over 17 million unique hash values. The data set
Data set
A data set is a collection of data, usually presented in tabular form. Each column represents a particular variable. Each row corresponds to a given member of the data set in question. Its values for each of the variables, such as height and weight of an object or values of random numbers. Each...

is available at no cost to the public.