by Douglas Ankney
The National Institute of Standards and Technology (“NIST”) upgraded its National Software Reference Library (“NSRL”) to make its data easier for law enforcement agencies to access in searches during criminal investigations.
As of March 2022, the dataset of the NSRL contained more than a billion “hash records.” (A hash record is a sequence of numbers, letters, and symbols unique to software files that can be used like a fingerprint to identify particular files.) According to NIST computer scientist Doug White, “[t]here are hardly any major crimes that don’t have connections to digital technology, because criminals use cellphones.” But complicating searches of data on electronic devices during criminal investigations is the presence of benign “run-of-the-mill” files that don’t contain evidence of wrongdoing. “Let’s say you’ve got a computer that might contain incriminating photos or financial records, but it also has a few video games,” White explained. “Games often come with a lot of graphics files. You want to run your investigation as quickly and efficiently as possible, so what you need is a way to get rid of all the video game images.”
The dataset of the NSRL more than doubled since August 2019, making it a vital tool for digital forensics labs that specialize in this type of file review. While there are about 400 crime labs across the U.S., the number of digital forensics labs has exploded to about 11,000. The previous 2.0 version of searching the NSRL dated from 20 years ago and allowed law enforcement to import its hash records only in basic text onto a spreadsheet. Searching the spreadsheet was slow and cumbersome. The update — NSRL version 3.0 — uses the SQLite format, making it easier for users to create customized filters for sorting through files to find what they need for their investigation.
As a digital subscriber to Criminal Legal News, you can access full text and downloads for this and other premium content.
Already a subscriber? Login