E-Discovery Processing Workflows Explained – What is De-NISTing?

E-Discovery Processing Workflows Explained – What is De-NISTing?

De-NISTing is the standard eDiscovery practice of removing system files, and other non-user generated ESI from a dataset during the data processing stage. NIST refers to the acronym of National Institute of Standards and Technology.  

The goal of De-NISTing is to remove ESI that is unlikely to contain relevant information, and in turn reduce the size of dataset and overall cost of hosting and reviewing the dataset. De-NISTing occurs in the processing stage of the EDRM following data collection and prior to document review.  

To determine which files are generic system files, datasets are processed with De-NISTing workflows that utilize The National Software Reference Library (NSRL). The NSRL is a database comprised of numerous datasets that represent the “digital signature” of various known and traceable applications based on their standard system and application files. These digital signatures are used to determine which files are non-user generated, so they can be removed from the data set to reduce the total size of the data population. NIST is constantly evaluating and updating their database as new data sources emerge.  

The NIST.gov website for the NSRL describes the use of this database by saying “The RDS (Reference Data Set) can be used by law enforcement, government, and industry organizations to review files on a computer by matching file profiles in the RDS. This will help alleviate much of the effort involved in determining which files are important as evidence on computers or file systems that have been seized as part of criminal investigations”.  

De-NISTing is a common eDiscovery workflow that should be standard to most, if not all, data processing and culling processes. De-NISTing is commonly combined with de-duplication workflows to dramatically reduce the number of files to be reviewed.   

Benefits of De-NISTing:

  • Defensibly reduces the amount of ESI to be hosted, reviewed, and therefore produced 
  • Increased searchability through reducing data population and removing un-wanted files 
  • Master software application list managed, authenticated, and maintained by NIST 
  • Relativity easy to implement into existing workflows 
  • De-NISTing workflows are built-into many existing data processing platforms 

TERIS’ eDiscovery processing and analytic workflows are proven to reduce review populations by an average of 30-40% more than traditional data culling and filtering methods. Our workflows are proven to reduce legal spend through defensibly reducing the amount of data to be reviewed by attorneys.  
Reach out today to learn more about our eDiscovery and ESI processing solutions.  

[1] “National Software Reference Library (NSRL).” NIST, 27 Jan. 2022, https://www.nist.gov/itl/ssd/software-quality-group/national-software-reference-library-nsrl/