The National Software Reference Library collects the original media for off-the-shelf software. This information is processed to obtain digital signatures (also called hashes) that uniquely identify the files in the software packages. With the signatures, law enforcement investigators can automate the processing of these files on seized computers, system administrators can identify critical system files that may have been perturbed, digital archivists can identify applications versus user-created data, or exact duplicates of files.
The digital signatures from the software in the NSRL are distributed quarterly to subscribers in a Reference Data Set (RDS) on CDs. ISO images are available via free download one month after the subscriber media have been mailed.
The NSRL also collects downloaded files from websites, aka "clickwrapped" software. The digital signatures from these files are traceable to our level of satisfaction and are included in the RDS.
The NSRL is installing files from our software collection. The virtual machines containing the installed applications are processed for the digital signatures from files created during the installation process. These digital signatures are now included in the RDS distribution.
The NSRL welcomes donations of software that is on the original commercial media. Donations are accepted under a "non-use" assumption; we do not need installation codes, we will not install and use the software for daily business, we do not need most of the manuals.
The NSRL can be used to prosecute intellectual property crimes. A law enforcement agent or investigator can have easy and definitive access to prove that a given piece of software is or is not a copy of specific software. From a practical point of view, this means the prosecution will not have to obtain a copy of X software to prove that a file found on a defendant's system is from X software. The NSRL can easily be used in criminal and civil cases and in other investigations and dispute procedures.
Contributing to the NSRL shows a strong commitment to corporate citizenship. Much of the use of the NSRL will be to speed the investigative process. This directly helps law enforcement solve cases faster and with less cost. The NSRL is used by the FBI, the Secret Service, DoD, the US Customs Service, and many state, local and international agencies and private corporations.
To contribute, a company needs to either send NIST off-the-shelf versions of their software or provide NIST the ability to download software from a corporate website. NIST will not use the software; it will only be used as data to populate the NSRL database and subsequently released in the Reference Data Set (RDS).
Contributors receive one release of the RDS free of charge. The free release is traditionally the next quarterly release after the donation, so that the donated software is included.