NSRL Banner

NSRL Logo

HOME

GENERAL INFORMATION

TECHNICAL INFORMATION

CFTT Website

NSRL Site Statistics

Privacy Policy/Security Notice
Disclaimer | FOIA

NIST is an agency of the
U.S. Commerce Department's
Technology Administration.

Date created: 8/20/2003
Last updated:

Technical comments: nsrl@nist.gov

Website comments: web897@nist.gov

 

 

 

Library Contents

 

The National Software Reference Library collects the original media for off-the-shelf software. This information is processed to obtain digital signatures (also called hashes) that uniquely identify the files in the software packages. With the signatures, law enforcement investigators can ignore these benign files on seized computers, system administrators can identify critical system files that have been perturbed, digital archivists can identify applications versus user-created data, or exact duplicate files.

The digital signatures from the software in the NSRL are distributed quarterly to subscribers in a Reference Data Set (RDS) on CDs.

The NSRL is investigating downloaded files from websites, by burning the downloads onto CDs that can be stored on our shelves. The digital signatures from these files are not traceable to our level of satisfaction and are not included in the RDS, but are available as they may be of interest to the community.

The NSRL is investigating installed files from our software collection, by installing the software onto virtual machines and saving the virtual machine state onto CDs that can be stored on our shelves. The digital signatures from these files are not traceable to our level of satisfaction and are not included in the RDS, but are available as they may be of interest to the community.

You can review the contents of the last RDS sorted by

or use the Permuted Index.

The NSRL welcomes donations of software that is on the original commercial media. Donations are accepted under a "non-use" assumption; we do not need installation codes, we will not install and use the software for daily business, we do not need most of the manuals.

The following organizations and persons have donated software for inclusion in the NSRL:

  • Adobe Systems Incorporated
  • U.S. Air Force
  • Federal Bureau of Investigation
  • U.S. Food and Drug Administration
  • Microsoft
  • Netherlands Forensic Institute
  • NIST
  • Oracle Corporation
  • Sanderson Forensics
  • G. Sherwood
  • WetStone Technologies, Inc.

We thank these organizations for their generosity.

The NSRL can be used to prosecute intellectual property crimes. A law enforcement agent or investigator can have easy and definitive access to prove that a given piece of software is or is not a copy of specific software. From a practical point of view, this means the prosecution will not have to obtain a copy of X software to prove that a file found on a defendant's system is from X software. The NSRL can easily be used in criminal and civil cases and in other investigations and dispute procedures.

Contributing to the NSRL shows a strong commitment to corporate citizenship. Much of the use of the NSRL will be to speed the investigative process. This directly helps law enforcement solve cases faster and with less cost. The NSRL is used by the FBI, the Secret Service, DoD, the US Customs Service, and many state, local and international agencies and private corporations.

To contribute, a company needs to either send NIST off-the-shelf versions of their software or provide NIST the ability to download software from a corporate website. NIST will not use the software; it will only be used as data to populate the NSRL database and subsequently released in the Reference Data Set (RDS).

Contributors receive one release of the RDS free of charge. The free release is traditionally the next quarterly release after the donation, so that the donated software is included.