How to Improve eDiscovery Before You Start: deNISTing

If you’ve tried to dabble in eDiscovery or play around with electronically-stored information (“ESI”) without eDiscovery software, you have probably uncovered hundreds or even thousands of useless files. If only you could cull all those useless files before you started! Imagine how much time—and how many billable hours—you could save?

Well, as you’ve undoubtedly guessed by now, there is an answer: deNISTing.

What is deNISTing?

DeNISTing is how your eDiscovery software separates valuable user-created data from standard vendor-created files. The process removes system files, program files, initialization files, device drivers, and other computer-generated files from your document collection, usually before you even start the scintillating document review process in earnest. DeNISTing your ESI document collection before you start your review culls legally-irrelevant files so you can analyze the ones that actually matter.

How Does deNISTing Work?

The deNISTing process varies a bit depending on the software you use. Ultimately, your software matches your ESI collection’s hash values, file-by-file, to the “NIST list.” The NIST list is a list of software application files published and maintained by the National Software Reference Library, a branch of the National Institute for Standards and Technology.1 The free-to-download NIST list is vetted and updated four times annually. If your collection includes a file that matches the NIST list, your software should remove it from your collection. The alternative, of course, is the annoying task of finding that file and excluding it manually. No, thank you.

The NIST list typically includes system file types and other files not created by human users, like .exe, .dll, .ini, .chm, and .DS_Store files.

DeNISTing has become common practice in eDiscovery and computer forensics. No one wants to review the standard components of a computer’s operating system or off-the-shelf software applications, and no one’s client wants to pay for someone to sift through them, either. DeNISTing usually happens alongside other document culling processes, like de-duplication, date range filtering, and other filtering processes. The goal is a clean document collection. Your document collection should let you review only the universe of files that might contain discoverable evidence. Everything else is just cruft.

deNISTing to uncover useful docs

Yup, found some pertinent documents here.

If you’re worried about losing evidence during the deNISTing process, there are safeguards for that. eDiscovery software and eDiscovery firms check a document’s file header for potentially useful information, just in case some nefarious character changed a document’s extension to hide something.

DeNISTing in Practice

Even with the file-header double-check, it’s worth reviewing different file types that are relevant to your particular matter. Then you can manually exclude those file types from the deNISTing process. For example, certain system files might be useful in an IP matter but not at all useful in a construction bond litigation. You should also discuss deNISTing with the court and opposing counsel in anticipation of any disputes about or challenges to the eDiscovery process.

The Downsides

DeNISTing is useful for culling wide swaths of irrelevant files from your document collection, but it has its faults. One common NIST list critique is that it’s incomplete, leaving many system files to slip through and ultimately require your review anyway. That’s a fair criticism. The list doesn’t include many operating systems’ and software suites’ files, usually because they are new or uncommon. That means you’ll probably need to do some extra work to find those files and their extensions and figure out how to filter them out. Still, with all the filtering options in most eDiscovery software solutions, supplemental filtering shouldn’t be too painful.

Want to Learn More?

If you’re interested in learning more about eDiscovery or finding eDiscovery software that suits your small firm or solo practice, check out our eDiscovery software reviews for more thoughts and tips. We also have an eDiscovery Skills & Tips section and a series of blog posts to help you better prepare for a smoother eDiscovery process.


  1. Author’s note: “NIST list” sounds way cooler than “NSRL list.” 

Leave a Reply