NSRL Banner






CFTT Website

Privacy Policy/Security Notice
Disclaimer | FOIA

NIST is an agency of the
U.S. Commerce Department

Date created: 8/20/2003
Last updated: May 18, 2011

Technical comments: nsrl@nist.gov

Website comments: web897@nist.gov




Library Contents


The National Software Reference Library collects the original media for off-the-shelf software. This information is processed to obtain digital signatures (also called hashes) that uniquely identify the files in the software packages. With the signatures, law enforcement investigators can automate the processing of these files on seized computers, system administrators can identify critical system files that may have been perturbed, digital archivists can identify applications versus user-created data, or exact duplicates of files.

The digital signatures from the software in the NSRL are distributed quarterly to subscribers in a Reference Data Set (RDS) on CDs. ISO images are available via free download one month after the subscriber media have been mailed.

The NSRL also collects downloaded files from websites, aka "clickwrapped" software. The digital signatures from these files are traceable to our level of satisfaction and are included in the RDS.

The NSRL is investigating installed files from our software collection, by installing the software onto virtual machines and saving the virtual machine state onto CDs that can be stored on our shelves.

The full content lists are updated with every quarterly release. You can find links to the Product listing, Manufacturer listing, and Operating Systems listing on the downloads page.

The NSRL welcomes donations of software that is on the original commercial media. Donations are accepted under a "non-use" assumption; we do not need installation codes, we will not install and use the software for daily business, we do not need most of the manuals.

The following organizations and persons have donated software for inclusion in the NSRL:

  • Adobe Systems Incorporated
  • U.S. Air Force
  • Faronics Incorporated
  • Federal Bureau of Investigation
  • U.S. Food and Drug Administration
  • Microsoft
  • Netherlands Forensic Institute
  • NIST
  • Oracle Corporation
  • Sanderson Forensics
  • G. Sherwood
  • Summitsoft Corporation
  • WetStone Technologies, Inc.

We thank these organizations for their generosity.

The NSRL can be used to prosecute intellectual property crimes. A law enforcement agent or investigator can have easy and definitive access to prove that a given piece of software is or is not a copy of specific software. From a practical point of view, this means the prosecution will not have to obtain a copy of X software to prove that a file found on a defendant's system is from X software. The NSRL can easily be used in criminal and civil cases and in other investigations and dispute procedures.

Contributing to the NSRL shows a strong commitment to corporate citizenship. Much of the use of the NSRL will be to speed the investigative process. This directly helps law enforcement solve cases faster and with less cost. The NSRL is used by the FBI, the Secret Service, DoD, the US Customs Service, and many state, local and international agencies and private corporations.

To contribute, a company needs to either send NIST off-the-shelf versions of their software or provide NIST the ability to download software from a corporate website. NIST will not use the software; it will only be used as data to populate the NSRL database and subsequently released in the Reference Data Set (RDS).

Contributors receive one release of the RDS free of charge. The free release is traditionally the next quarterly release after the donation, so that the donated software is included.