Visit the NIST Main Home Page

National Software Reference Library Logo





CFTT Website

Privacy Policy/Security Notice
Disclaimer | FOIA

NIST is an agency of the
U.S. Commerce Department

Date created: 8/20/2003
Last updated: April 28, 2009

Technical comments:

Website comments:





On this page, we will make links available to hashsets, to source code, and to executable tools produced by the NSRL.

Query the Hash Set Online
There is a project called NSRLquery developed by Rob Hansen of RedJack Security LLC, which has two subprojects: nsrlsvr, which provides a server that yields NSRL RDS information on request, and nsrllookup, a simple command-line application that queries the server.
Jesse Kornblum of Kyrus has established a beta testing NSRLquery server at, and NSRL has been supplying release-day data to support this server.

ISO 9660 images of RDS CDs

If you have a fast Internet connection, you may download ISO 9660 image files and burn your own copy of the RDS CDs.

Be aware that the ISO image files are each approximately 700MB in size.

The RDS, from RDS 2.20 onward, does not support the categorization used in previous releases. For example, you cannot use CD "B" for exclusion of known operating system applications, as was possible previously.

NOTE: the data format has not changed, merely the allocation of space across the media.

The discs contain the following ranges of SHA-1 hash values:
CD "A"           0000000000000000000000000000000000000000

CD "B"           4000000000000000000000000000000000000000

CD "C"           8000000000000000000000000000000000000000

CD "D"           C000000000000000000000000000000000000000

RDS 2.46 , September 2014

The full RDS Release has become too large for distribution on four CDROMs. For users familiar with the process of using four CDROMs to load RDS data you will find a directory called RDS_Split on this DVD. This directory contains the four RDS zip files that were traditionally distributed on the four CDROMS.

For users interested in processing a unified RDS set, a directory called RDS_Unified can be found on this DVD. This directory contains the RDS files as traditionally presented on the RDS DVD ISO.

Combo DVD - A single 6 GB ISO containing all data
DVD signatures - SHA1, MD5, and filesize of the DVD image

If you wish to preview the contents, you may download three smaller files without the hash metadata. These files conform to the NSRL data format.

Product listing - 3MB text file
Manufacturer listing - 100KB text file
Operating systems listing - 50KB text file

You can download a 700KB tab-delimited sorted list of all manufacturers' products and versions that are included in RDS 2.44. If you have a different version, a Perl script is available to allow you to generate this list.

Be aware that the converted ZIP files are each between 1.8 and 2.0 GB in size.
NIST has also converted the RDS format data into data files for some commercial products:

Hashes of the zip files
Encase - with the 4 CD datasets split into directories
Encase - with the DVD data in one directory
AccessData Known File Filter (KFF) tool for FTK updates
Contact with questions about other formats.

It is your responsibility to verify the ISO image files with the signatures and file sizes once they are downloaded. After you have used the image to create a CD, it is your responsibility to verify the data files on that CD with the signatures provided on that CD.

Installed Software Sets

NSRL has performed installations of 6 Windows operating systems and 35 applications, then collected the metadata that describes those files.

Currently, this metadata is not included on the RDS, but it will be included starting with RDS 2.47. The metadata gathered from the installtions to disk are identified by the "SpecialCode" field containing the character "D".

A set of installation metadata is available as a separate file (52 MB) which was generated on September 22, 2014. This data set contains 365,974 non-unique rows, and 202,442 unique rows.
SHA1(NSRLFileD.txt)= e3dd7c4fdb4ee140ae90b7cf9a6e932f38248de0
MD5(NSRLFileD.txt)= ed6c310fd67bba5d2b4de79736e2a9d4

The operating systems covered in this set are:
Windows XP Professional
Windows 7 Ultimate 32bit
Windows 7 Ultimate 64bit
Windows 8 Pro 32bit
Vista Ultimate 32bit
Vista Ultimate 64bit

The applications covered in this set are:
A Century of Flight
Acrobat Reader 3.0
Adobe Photoshop Elements 12
Adobe Photoshop Elements 10
Adobe Dynamic Media Software
Adobe Photoshop Lightroom 4
Advanced Keylogger v2.1
Chrome 4.0
Deep Freeze Standard v7.10
eraser v6.0.10.2620
Firefox 19.ob2
Firefox 32.0.2
HxD v1.7.1
Invisible Secrets V2.1
LimewireBasic 4.09.39
Norton Antivirus 2012
Python 2.6.4
Safari 5.1.7
sdelete v1.6.1
Skype v6.1.0.129
Street Finder Travel Nav Soft
Sysmon 1.0
Teamviewer v9.0
Thunderbird 2
True Crypt v6.3
Turbo Tax Deluxe Plus State V5 4
Turbo Tax 2013
UPX v3.09
Windows Office Pro 2003
Windows Office Pro 2007
WinRAR 5.00
WinZip 17 Pro
Wireshark v1.8.0
World of Warcraft

Reduced Sets

A "minimal" hashset is available which contains only 38,747,351 file hashes. This set only lists one example of every file in the NSRL. It cannot be used to determine all possible sources of a file. Minimal set (2.4GB)
SHA1( 1b99e13978068f9abff269f6554b98521e92693c
MD5( 844888d2448027972a6247b3b9aa69fc

A "unique" hashset is available which contains only 19,998,552 file hashes. This set lists the files that appear only once in the entire NSRL collection. Unique set (1.3GB)
SHA1( 71dae0d8a4fddeb64f5acf0de254e30644423729
MD5( 84cd3fe731899cd6ae282ebfe2506de4

Converting RDS format to other formats

There is a Windows GUI tool that the NSRL is allowed redistribute.

You can pick up the NSRL Perl conversion code at
When you unpack the zip file, there is one file, "".
      perl -h
and you will get the help output:

Usage : [-h] -f format [-d RDS_directory]
      [-l logfile] [-p product_id] [-u]
      -h : help with command line options
      -f format : one of hk , 1.5 , 2.0 (MANDATORY)
      -l logfile : print log info to a file
      -d dir : directory holding NSRLProd.txt, NSRLFile.txt
      NSRLOS.txt and NSRLMfg.txt
      -p integer : use one ProductCode from NSRLProd.txt
      -u : guarantee a unique product line in hk output

Enter the command
      perl -f hk -d SOME_DIR

and you'll get two files, "outfile.hke" and "outfile.hsh"
that you can rename and pull into Hashkeeper.