Monday, September 5, 2011

De-NISTing: De-FECTive




http://ow.ly/6lWgW

An article by Craig Ball, Esq. on his blog Ball in Your Court.

This article takes the National Institute of Standards and Technology (NIST) to task. NIST issues four updates a year of the NIST list, which matches files to hash values that are stored by the National Software Reference Library. eDiscovery service providers use the NIST list to remove system files and other common program and "noise" files that are not likely to be relevant in any typical litigation. This process is referred to as De-NISTing.

The author points out major flaws in the De-NISTing process, in particular as it pertains to the Windows 7 operating system. The author provides some startling statistics: "I created a pristine install of Windows 7 on a sterile hard drive. The pristine install consisted of 47,690 files, and everything on the drive that wasn’t fashioned on the fly as part of the install process came straight off the Windows installation disk.
But, do you know how many of those 47,690 files were on the latest NIST list? Just 7,277! That’s right, the NIST list misses 85% of the files in a pristine Windows 7 installation."



As the article goes on to state, "I did some exploring and found that one reason the NIST list missed so many noise files is because NIST hasn’t yet processed Windows 7 for addition to the list. More than 350 million machines run Windows 7, but apparently none at NIST. Arrrgh! What’s more, the NIST list doesn’t include the components of Microsoft Office 2010 either. Only 100 million machines run Office 2010."

Hence, eDiscovery service providers and those performing de-NISTing in-house need to be wary of this gap. The writers of this blog have discussed this issue in the past, and are certainly troubled by the fact that the NIST seems to regularly lag behind the technology that is already in widespread use by the public.
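An added example, not code from the article or this blog: a minimal de-NISTing pass that hashes every file under a directory, suppresses those whose SHA-1 appears in an NSRL-style hash list, and reports the hit rate, the same ratio the article's 7,277-of-47,690 count measures. The CSV column layout, the file names and the file contents are assumptions constructed for illustration.

```python
import csv, hashlib, io, tempfile
from pathlib import Path

# Column names follow the classic NSRLFile.txt CSV layout (an assumption here;
# the post does not describe the file format).
HEADER = '"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"'

def load_known_sha1(rds_text):
    """Return the set of upper-case SHA-1 values from an NSRLFile.txt-style CSV."""
    rows = csv.DictReader(io.StringIO(rds_text))
    return {r["SHA-1"].strip().upper() for r in rows if r.get("SHA-1")}

def sha1_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()

def denist(root, known):
    """Split files under root into (suppressed, retained) and return the hit rate."""
    suppressed, retained = [], []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            (suppressed if sha1_of(p) in known else retained).append(p.name)
    total = len(suppressed) + len(retained)
    return suppressed, retained, (len(suppressed) / total if total else 0.0)

def demo():
    """Constructed sample: three 'system' files and one document; only one hash is listed."""
    files = {"kernel32.dll": b"A" * 10, "shell32.dll": b"B" * 10,
             "winword.exe": b"C" * 10, "memo.docx": b"client memo"}
    digest = hashlib.sha1(files["kernel32.dll"]).hexdigest().upper()
    row = '"%s","","","kernel32.dll",10,0,"WIN",""' % digest
    known = load_known_sha1(HEADER + "\n" + row + "\n")
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            Path(d, name).write_bytes(data)
        return denist(d, known)

if __name__ == "__main__":
    suppressed, retained, rate = demo()
    print(f"suppressed={suppressed} retained={retained} hit rate={rate:.0%}")
```

Running the same hit-rate check against a clean reference install of each platform in scope shows, before review begins, how much noise the current hash list will leave behind.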


