|
|
|
GENERAL INFORMATION
VOTING TECHNICAL INFORMATION
Privacy Policy/Security Notice
NIST is an agency of the Date
created: 8/20/2003
Technical comments: nsrl@nist.gov Search NIST website
|
Welcome to the National Software Reference Library(NSRL) Project Web Site.This project is supported by the U.S. Department of Justice's National Institute of Justice (NIJ), federal, state, and local law enforcement, and the National Institute of Standards and Technology (NIST) to promote efficient and effective use of computer technology in the investigation of crimes involving computers. Numerous other sponsoring organizations from law enforcement, government, and industry are providing resources to accomplish these goals, in particular the FBI who provided the major impetus for creating the NSRL out of their ACES program. The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information. The RDS can be used by law enforcement, government, and industry organizations to review files on a computer by matching file profiles in the RDS. This will help alleviate much of the effort involved in determining which files are important as evidence on computers or file systems that have been seized as part of criminal investigations. The RDS is a collection of digital signatures of known, traceable software applications. There are application hash values in the hash set which may be considered malicious, i.e. steganography tools and hacking scripts. There are no hash values of illicit data, i.e. child abuse images. January, 2010 Data sets are available which use algorithms other than SHA-1, MD5 and CRC32, which are the algorithms used in the RDS. See the Downloads page for more information. December, 2009 The National Software Reference Library has discovered several inconsistencies in the Reference Data Sets released in March 2009, June 2009 and September 2009 (versions 2.24, 2.25 and 2.26, respectively). These inconsistencies do not affect the cryptographic hash signatures or file metadata. Use of SHA-1 or MD5 hashes to exclude known application files has not been compromised. However, if RDS versions 2.24, 2.25 or 2.26 are used to identify the set of files distributed with a specific software application, the results returned may include files from the specific software application in addition to files from one other application. This affects 82 applications. A complete listing of the affected applications is available along with an in-depth explanation. The problem has been corrected as of RDS release 2.27 (December 2009). Example:
The NSRLProd.txt file in RDS 2.24 contains the lines: If a user wishes to obtain the hash set and other metadata for "Cleopatra Riddle of the Tomb," the correct data will be returned. However, the corresponding data for "Halo 2" will also be returned.
The National Software Reference Library is a project
in The Software Diagnostics and
Conformance Testing Division supported by The
Office of Law Enforcement Standards.
NSRL RDS Release Schedule
|
