NIST Updates Software Reference Library

Software files can be identified by a sort of electronic fingerprint called a hash. The NSRL dataset update makes it easy to separate hashes indicating run-of-the-mill files from those that might contain incriminating evidence, making investigative work easier. Credit: N. Hanacek/NIST

The National Institute of Standards and Technology (NIST) announced an update to the National Software Reference Library. The expanded, more searchable database will make it easier to sift through seized computers, phones and other electronic equipment.

The database plays a frequent role in criminal investigations involving electronic files, which can be evidence of wrongdoing. According to the NIST news release, “In the first major update to the NSRL in two decades, NIST has increased the number and type of records in the database to reflect the widening variety of software files that law enforcement might encounter on a device. The agency has also changed the format of the records to make the NSRL more searchable.”

NIST said that criminal and civil investigations frequently involve digital evidence in the form of software and files from seized computers and phones. Investigators need a way to filter out the large quantities of data irrelevant to the investigation so they can focus on finding relevant evidence.

The news release stated, “The update comes at a time when investigators must contend with a rapidly expanding universe of software, most of which produces numerous files that are stored in memory. Each of these files can be identified by a sort of electronic fingerprint called a hash, which is the key to the sifting process. The sophistication of the sifting process can vary depending on the type of investigation being performed.”

NIST reported that the NSRL’s reference dataset doubled from half a billion hash records in August 2019 to more than a billion in March 2022.

The new release notes why the dataset is important to digital forensic labs: “This growth makes the NSRL a vitally important tool for digital forensics labs, which specialize in this sort of file review. Such work has become a crucial part of investigations: There are about 11,000 digital forensics labs in the United States (compared with about 400 crime labs).”

The previous database version dates back 20 years, and while searching was possible, it was cumbersome. The new NSRL update will make it easier for users to create custom filters to sort through files and find what they need for a particular investigation.

The dataset and more information on the update are available at

The Center for Statistics and Applications in Forensic Evidence (CSAFE), a NIST Center of Excellence, conducts research addressing the need for forensic tools and methods for digital evidence. Learn more about this research at