NCJ Number
211923
Date Published
2003
Length
2 pages
Annotation
The National Software Reference Library (NSRL) can be used to automate the search for evidence in computers seized in the course of an investigation.
Abstract
The goal of the NSRL project--which is supported by the National Institute of Justice, other Federal agencies and departments, and State and local law enforcement agencies--is to promote the efficient and effective use of computer technology in the investigation of crimes that involve computers. The technology underlying the NSRL involves digital signatures or "hash sets." The concept of having a unique string that can be identified with a particular data file is similar to unique fingerprints that identify a person. The contents of every file can be manipulated mathematically to produce a unique value or number, which can identify the file. When a computer is searched, investigators use computer forensic tools to create hash values for the files on the computer and compare those values with the reference hash set. This comparison automatically eliminates files that investigators do not need to investigate further, thus saving a significant amount of time. Using such hash sets can often eliminate 75 percent of the files on a computer. Since the project began 2 years ago, the National Institute of Standards and Technology (NIST) has hashed just over 4,000 software applications. Once the software is collected, it is shelved in a locked room in case project team members need to recalculate hashes. The primary focus of the hash set is to qualify for admissibility in court. The project hopes to have an open-source version of the NIST code used to generate the hashes available by late summer 2003, so agencies can hash files on their own.