Data Reduction Software Accelerates Investigations
Data reduction—eliminating “known” files, such as operating system and application files, during an investigation—is a critical component of the computer forensics process.
If a specific file’s profile and signature match the database of “known” files, that file can be excluded from review, saving investigators valuable time. Only those files that don’t match would be subject to further investigation.
Computer forensics software can automate this process.
NIST has created the National Software Reference Library (NSRL), which collects software from various sources and incorporates file profiles from that software into a Reference Data Set (RDS). The RDS is a collection of digital signatures of known, traceable software applications. It currently contains data for about 11,000 software applications. When RDS data is imported into commercial data reduction software, “known” file filters give managers investigating an incident a repository of “ignorable” files.
From: Data Reduction Software Accelerates Computer Forensic Investigations by Richard W. Walker
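A minimal known-file filter of the kind the article describes, as an added example that is not from the article, NIST, or any commercial product. It assumes the column layout of the RDS 2.x NSRLFile.txt export and assumes that a non-empty SpecialCode marks an entry that should stay in review; the sample rows and files are constructed.

```python
import csv, hashlib, io, os, tempfile
# Column layout assumed from the RDS 2.x NSRLFile.txt export.
HEADER = '"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"'

def sample_row(data, name, special=""):
    """Build one constructed RDS-style row (MD5, CRC32 and codes are placeholders)."""
    sha1 = hashlib.sha1(data).hexdigest().upper()
    return f'"{sha1}","{"0" * 32}","00000000","{name}",{len(data)},1,"358","{special}"'

def load_known(rds_text):
    """Map SHA-1 -> (file size, special code); a flagged row wins over an unflagged one."""
    known = {}
    for row in csv.DictReader(io.StringIO(rds_text)):
        sha1, code = row["SHA-1"].upper(), row["SpecialCode"].strip()
        if sha1 in known and known[sha1][1]:
            code = known[sha1][1]
        known[sha1] = (int(row["FileSize"]), code)
    return known

def sha1_of(path, chunk=1 << 20):
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest().upper()

def triage(root, known):
    """Split files under root into (ignorable, review) path lists."""
    ignorable, review = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                review.append(path)  # never follow links out of the evidence tree
                continue
            entry = known.get(sha1_of(path))
            # Ignore only on hash + size match with no special flag set (assumption).
            if entry and entry[0] == os.path.getsize(path) and not entry[1]:
                ignorable.append(path)
            else:
                review.append(path)
    return sorted(ignorable), sorted(review)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed evidence tree
        for name, data in (("notepad.exe", b"vendor binary"), ("payroll.xls", b"user data")):
            with open(os.path.join(root, name), "wb") as out:
                out.write(data)
        print(triage(root, load_known(HEADER + "\n" + sample_row(b"vendor binary", "notepad.exe"))))
```

Matching is on content hash and size, never on file name, so a renamed or modified copy of a "known" file still lands in the review list.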