Software Library Helps Law Enforcement Catch Dangerous Criminals

I get unusual calls at my job, but one of the most memorable was from the Food and Drug Administration in 2004. They urgently needed a very old copy of a popular bookkeeping software package, and people’s lives were on the line.

That’s because a doctor in Florida had accidentally given a dangerously high dose of fake Botox to four of his patients. Health officials needed to find these patients and get them medical care before their lives were in danger.

But the names and contact information for the patients were stored on an old version of this software that no one in the local area could open. The software company wasn’t able to assist, but NIST has a massive library of nearly every major piece of software and mobile app that has existed since 2001.

We found it and gave a copy to the FDA. An FDA representative signed an agreement that they would only use it for this lifesaving purpose and would destroy it when finished. The FDA drove it from my office in Gaithersburg, Maryland, to a Florida-bound plane. The file was opened, and local health officials were able to locate and help all of the patients.

This story is not typical and not something we often use our library for, but it’s an example of how versatile it has been throughout its history.

How the National Software Reference Library Works

The library, which I manage, sits in an unmarked room in a building on the NIST Gaithersburg, Maryland, campus. We treat it like an evidence locker, with more than a kilometer of shelf space dedicated to software. Officials at the FBI asked NIST to create this library in 2001, as they knew they could rely on us for open and reliable data.

The National Software Reference Library (NSRL) creates digital fingerprints of software using an algorithm called a cryptographic hash. Because they work like fingerprints, you can use them to quickly identify known content on a computer. We do all of this without violating any copyrights or accessing proprietary information.

The primary users are from law enforcement agencies. The NSRL standard reference data publication helps police work faster and focus on what they’re looking for. NIST and the NSRL’s role is to provide the digital fingerprints of benign images and multimedia, such as the millions of routine computer files, clip art and videos included in common software on devices and computers. Those files can be quickly eliminated from casework, allowing law enforcement to find the evidence.

For example, if you’re working on a financial fraud case, our library might show that, in a sea of other files, this computer has multiple versions of bookkeeping software. That’s probably where investigators want to look.

We also work with national and international law enforcement to improve the automated systems that combat human trafficking and child abuse. NIST cannot collect illegal images and multimedia that are examples of crimes — law enforcement agencies do that. We supply fingerprints of the benign files that may obscure the illegal content.

We collect the top-selling and most popular software, both new titles and updates, based on monthly sales and download reports. We also get suggestions if our users find the library to be lacking in a particular area.

From Floppy Disks to Smartphones

When I joined the NSRL project in 2001, I brought my experiences with databases and collections of networked computers, known as distributed systems.

The technology landscape was very different back then. I scavenged NIST’s excess equipment to build a cluster of machines that increased the processing capability fourfold. That gave us a head start when digital investigations increased dramatically, and we were able to request better equipment.

The library keeps evolving to meet demand. But, as with almost everything related to technology, you are always racing to keep ahead of the innovations. Floppy disks gave way to CDs and DVDs, followed by downloads of huge applications and data. Operating systems can now update weekly, and mobile apps are even faster. Law enforcement needs to be able to deal with the quantity and rapid speed of new software.

As I’ve worked my way up to the project lead position, NSRL has always had a good team to attack the challenges and make the work enjoyable.

Looking Ahead to the Future of the Software Library

New software and apps are published every day, so we’re always adding to the database. One of the projects we’re working on this year is getting the software fingerprints published out of our library faster, so our users have quick access to the information.

As more computing happens on cellphones, we’re also looking to expand to as many mobile operating systems as possible, beyond just the Apple and Android operating systems that so many cellphone users rely on. This will allow us to fully capture digital history and support our customers in law enforcement.

Another way we’re working to make our database more useful is by collaborating with our colleagues at the National Vulnerability Database, a repository of information on software and hardware flaws that can compromise computer security.

The goal is that when NVD identifies an issue with a piece of software, our reference library team could then provide the proper hash information for administrators to automate the identification and patching of compromised software. That will help keep the technologies we rely on every day safer from viruses and other issues.

Whatever is ahead in the world of software, we’ll be here to catalog it, whether for investigations or computing history.