NIST Special Database 28
National
Software Reference Library (NSRL)
Price:
$90.00 for
an annual subscription (quarterly releases)
A collaboration
of the National Institute of Standards and Technology (NIST), the National
Institute of Justice (NIJ), the Federal Bureau of Investigation (FBI),
the Defense Computer Forensics Laboratory (DCFL),the U.S. Customs Service,
software vendors, and state and local law enforcement organizations,
the NSRL is a tool to assist in fighting crime involving computers.
The National Software
Reference Library (NSRL) is an example of the application of technology
to investigate crimes involving computers, such as child pornography,
racketeering, cyber-attacks, illegal gambling,Internet fraud, and software
piracy.
The NSRL encompasses
a repository of all types of software, from operating systems, to vertical
applications, to database management systems, to graphics packages,
to games, to everything in between.
It also includes
a database of file profiles, i.e., "software fingerprints,"
that can be used to identify known and unknown files on computers, diskettes,
magnetic tapes, CDs, etc., that have been seized pursuant to investigation.
The files that
make up each software package are analyzed to collect profile information,
such as file name, directory name, file size, and version.
The "software
fingerprints" are hexadecimal character strings derived from complicated
standard equations and algorithms applied to the contents of each file.
Each "fingerprint"
is unique to a specific file and can be used to determine if-
- A file has
been altered.
- A file has been
renamed or other means to hide it have been attempted.
- A file is what
it purports to be.
- A file is missing
when it should be found.
- A file is actually
present on a disk.
The NSRL can save
an investigator hundreds of hours in an investigation. A single computer
or hard disk drive can contain between 10,000 and 50,000 individual
files, each of which must be examined for probative value. If multiple
computers, disk drives, magnetic tapes, or other media are involved,
the staff hours could reach into the thousands and take months to finish.
The NSRL can reduce
the time it takes to investigate each computer by 40 to 95 percent,
depending on the contents of the file system.
It does this by
allowing the investigator to weed out those files that are known, i.e.,
have known profiles and fingerprints in our database. The investigator
can then concentrate on the unknown files.
NIST produces the
NSRL using state-of-the-art software and computers to verify the fingerprints
of each software package.
The database of
file profiles and fingerprints is periodically stored on a CD and shipped
to those organizations that have paid for an annual subscription to
updates.
The database is
known as the NSRL Reference Data Set (RDS) and is used in various products
associated with computer crime investigations. It may be freely copied
and distributed by any organizations.
NIST applies a
digital signature to each update of the RDS to enable the database to
be verified that it is correct and was produced by NIST. If any modifications
are made to the database, the signature will be different and show that
modifications have been made.
For more information
on NIST's redistribution policy for NSRL, click here
Price:
$90.00 for
an annual subscription (quarterly releases)
For
ordering information contact:
Standard Reference
Data
National Institute of Standards and Technology
100 Bureau Dr., Stop 2300
Gaithersburg, MD 20899-2310
Voice: (301)975-2008
Email: Contact Us
FAX: 301-926-0416
Technical
contact:
Douglas R. White
NIST North (820), Room 584
100 Bureau Drive, Stop 8970
Gaithersburg, MD 20899-8970
Email(w):nsrl@nist.gov
Voice(301) 975-4761
Keywords:
crime, computers, law enforcement, software, database management, graphics,
file profiles, software fingerprints, investigation, NIST, NIJ, FBI,
DCFL, US Customs Service