Reducing the number of documents to review during an e-discovery project is a high priority for both attorneys and their clients. One commonly used technique is to remove files from a document set that are known to belong to certain software programs. This process is called “Known File Filtering” and is often referred to as “de-NISTing” since it uses a list of file hashes created by the National Institute of Standards and Technology (NIST).
The “NIST” list is actually a database called the National Software Reference Library (NSRL). This list contains information about software, including “hash” values which uniquely identify the data within a file, regardless of its name, date of creation or location. If two files contain identical data they will also have identical hash values.
The NSRL database represents a collection of categorized file information for software of all kinds. It organizes programs into groups, such as word processing software, system files, gaming programs, etc. This is different than several earlier file collections of common computer file information (like HashKeeper), the NSRL does not make a distinction between “good” and “bad” files and does not contain lists of contraband data, such as child pornography.
One of the key features of the NSRL is that anyone can submit software for review and inclusion in the list which has helped keep the list up to date. In fact, many e-discovery and digital forensics software companies have included the NSRL in their products to assist with culling out irrelevant data in the early stages of investigation.
To Continue Reading: Click Here