Update index.md

This commit is contained in:
Robert J. Hansen
2019-09-02 23:40:48 -04:00
committed by GitHub
parent 941ea3e857
commit 8c9a64149b


@@ -1,5 +1,5 @@
# nsrlsvr
The latest stable version is [1.6.1](https://github.com/rjhansen/nsrlsvr/archive/1.6.1.tar.gz), also available as [an RPM for Fedora 24 x86_64](https://github.com/rjhansen/nsrlsvr/releases/download/1.6.1/nsrlsvr-1.6.1-1.x86_64.rpm).
The latest stable version is [1.7.0](https://github.com/rjhansen/nsrlsvr/archive/1.7.0.tar.gz).
## Whats nsrlsvr?
The National Institute of Standards and Technology (NIST) maintains the National Software Reference Library (NSRL) — a giant compendium of software contributed by vendors. Its not a library in the sense that you can check things out from it, though: its more a library that you can check to see whether a given file already exists. All the system files from Windows 7 are in the NSRL, as is the latest releases of Firefox and Opera and Chrome, Winamp and…
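Review bot: The new "latest stable version" line points at the 1.7.0 GitHub archive tarball with no checksum or signature next to it, and it drops the RPM link without saying whether packages are discontinued. Since the tool is used in forensic work, consider publishing a SHA-256 (or a pointer to a signed tag) beside the download link so users can verify what they build, and add a short note on the RPM's status for anyone who installed 1.6.1 that way.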
@@ -16,4 +16,36 @@ Forensic investigators, first responders and technical support staff often have
It keeps track of 40 million hash values in an in-memory dataset and allows users to query that set at extremely high volume. This allows an investigator using an NSRL tool (such as `nsrllookup`) to winnow through large numbers of files in a very short period of time.
## Who wrote it?
I did — Rob Hansen, or rjhansen on GitHub. Feel free to [email me](mailto:rjh@sixdemonbag.org?subject=nsrlsvr).
I did — Rob Hansen, or rjhansen on GitHub. Feel free to [email me](mailto:rjh@sixdemonbag.org?subject=nsrlsvr).
## Build instructions
You will need:
* The [source code](https://github.com/rjhansen/nsrlsvr/archive/1.7.0.tar.gz)
* A _good_ C++14 compiler. GCC 5.0 will work, barely. On the latest GCC and Clang it hums nicely.
* [CMake](https://www.cmake.org) 3.4 or later
* [Boost](https://boost.org) 1.66 or later
* A copy of the [minimal NSRL RDS](https://s3.amazonaws.com/rds.nsrl.nist.gov/RDS/current/rds_modernm.zip)
Once you've uncompressed the latest archive, go into that directory and:
```
cmake -DPYTHON_EXECUTABLE=`which python3` -DCMAKE_BUILD_TYPE=Release .
make
sudo make install
```
You will need a database of hashes to load into `nsrlsvr`. Extract the file `NSRLFile.txt` from `rds_modernm.zip` and run `nsrlupdate`:
```
sudo nsrlupdate /path/to/NSRLFile.txt
```
Once that's done you should be able to type
```
nsrlsvr
```
and have it start up.
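Review bot: The "You will need" list omits Python 3, yet the cmake line passes -DPYTHON_EXECUTABLE from `which python3`, so the build fails or picks up an empty path on a host without it. Please add Python 3 to the prerequisites. Two further points in the same block: the minimal RDS is fetched from a "current" S3 URL and then loaded with `sudo nsrlupdate` with no integrity check on the zip or on `NSRLFile.txt`, so it would help to mention verifying the download against NIST's published hash before loading it. The final step only says to type `nsrlsvr`, without stating which account it should run as or what it listens on; a sentence on running it as an unprivileged user and on its default listening address would help anyone deploying it on a shared network. The "Who wrote it?" line also appears twice with identical visible text, which suggests a whitespace-only change that could be left out of the commit.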