Update index.md

This commit is contained in:
Robert J. Hansen
2019-09-02 23:40:48 -04:00
committed by GitHub
parent 941ea3e857
commit 8c9a64149b


@@ -1,5 +1,5 @@
# nsrlsvr # nsrlsvr
The latest stable version is [1.6.1](https://github.com/rjhansen/nsrlsvr/archive/1.6.1.tar.gz), also available as [an RPM for Fedora 24 x86_64](https://github.com/rjhansen/nsrlsvr/releases/download/1.6.1/nsrlsvr-1.6.1-1.x86_64.rpm). The latest stable version is [1.7.0](https://github.com/rjhansen/nsrlsvr/archive/1.7.0.tar.gz).
## Whats nsrlsvr? ## Whats nsrlsvr?
The National Institute of Standards and Technology (NIST) maintains the National Software Reference Library (NSRL) — a giant compendium of software contributed by vendors. Its not a library in the sense that you can check things out from it, though: its more a library that you can check to see whether a given file already exists. All the system files from Windows 7 are in the NSRL, as is the latest releases of Firefox and Opera and Chrome, Winamp and… The National Institute of Standards and Technology (NIST) maintains the National Software Reference Library (NSRL) — a giant compendium of software contributed by vendors. Its not a library in the sense that you can check things out from it, though: its more a library that you can check to see whether a given file already exists. All the system files from Windows 7 are in the NSRL, as is the latest releases of Firefox and Opera and Chrome, Winamp and…
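Review bot: the rewritten version line drops the Fedora RPM link without saying whether binary packages are still offered for 1.7.0, and the remaining tarball link gives no checksum or signature to verify the download against. Since investigators use this tool to filter evidence, consider publishing a SHA-256 for the 1.7.0 archive next to the link and adding a sentence on packaging status. The same 1.7.0 URL is repeated in the new build instructions, so both will need to be bumped together on the next release.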
@@ -16,4 +16,36 @@ Forensic investigators, first responders and technical support staff often have
It keeps track of 40 million hash values in an in-memory dataset and allows users to query that set at extremely high volume. This allows an investigator using an NSRL tool (such as `nsrllookup`) to winnow through large numbers of files in a very short period of time. It keeps track of 40 million hash values in an in-memory dataset and allows users to query that set at extremely high volume. This allows an investigator using an NSRL tool (such as `nsrllookup`) to winnow through large numbers of files in a very short period of time.
## Who wrote it? ## Who wrote it?
I did — Rob Hansen, or rjhansen on GitHub. Feel free to [email me](mailto:rjh@sixdemonbag.org?subject=nsrlsvr). I did — Rob Hansen, or rjhansen on GitHub. Feel free to [email me](mailto:rjh@sixdemonbag.org?subject=nsrlsvr).
## Build instructions
You will need:
* The [source code](https://github.com/rjhansen/nsrlsvr/archive/1.7.0.tar.gz)
* A _good_ C++14 compiler. GCC 5.0 will work, barely. On the latest GCC and Clang it hums nicely.
* [CMake](https://www.cmake.org) 3.4 or later
* [Boost](https://boost.org) 1.66 or later
* A copy of the [minimal NSRL RDS](https://s3.amazonaws.com/rds.nsrl.nist.gov/RDS/current/rds_modernm.zip)
Once you've uncompressed the latest archive, go into that directory and:
```
cmake -DPYTHON_EXECUTABLE=`which python3` -DCMAKE_BUILD_TYPE=Release .
make
sudo make install
```
You will need a database of hashes to load into `nsrlsvr`. Extract the file `NSRLFile.txt` from `rds_modernm.zip` and run `nsrlupdate`:
```
sudo nsrlupdate /path/to/NSRLFile.txt
```
Once that's done you should be able to type
```
nsrlsvr
```
and have it start up.
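Review bot: Python 3 is missing from the "You will need" list, even though the `cmake` line sets `-DPYTHON_EXECUTABLE` from `which python3`. A reader without it installed will pass an empty value to CMake with no hint of what went wrong. Add Python 3 to the prerequisites. Consider `$(command -v python3)` in place of the backticks, which is easier to read inside a fenced block. Two further gaps in the same section: the RDS archive is downloaded and fed to `sudo nsrlupdate` with no step for checking its integrity, and the final step runs a bare `nsrlsvr` without saying which account the server is expected to run under or how to confirm it is answering queries.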