ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "Liblnk"

From ForensicsWiki
Jump to: navigation, search
(External Links)
(2 intermediate revisions by the same user not shown)
Line 51: Line 51:
Liblnk was created by [[Joachim Metz]] in 2009, while working for [ Hoffmann Investigations].
Liblnk was created by [[Joachim Metz]] in 2009, while working for [ Hoffmann Investigations].
== See Also ==
* [[LNK|Windows Shortcut File (LNK) format]]
== External Links ==
== External Links ==
* [ Project site]
* [ Project site]
* [ Old project site]

Revision as of 18:48, 23 September 2013

Maintainer: Joachim Metz
OS: Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows
Genre: Analysis
License: LGPL

The liblnk package contains a library and applications to read the Windows Explorer Shortcut (LNK) format.


The liblnk package contains the following tools:

  • lnkinfo, which shows information about LNK files.


Requesting the information in a LNK file:

lnkinfo Calculator.lnk
lnkinfo 20110711

Windows Shortcut information:
        Contains a link target identifier
        Contains a description string
        Contains a working directory string
        Contains an environment variables block

Link information:
        Creation time                   : Aug 10, 2004 16:54:24.000000 UTC
        Modification time               : Aug 04, 2004 14:00:00.000000 UTC
        Access time                     : Jun 26, 2006 10:36:41.703125 UTC
        Local path                      : C:\WINDOWS\system32\calc.exe
        Description                     : @%SystemRoot%\system32\shell32.dll,-22531
        Working directory               : C:\WINDOWS\system32
        Environment variables location  : %SystemRoot%\system32\calc.exe

Distributed link tracking data:
        Machine identifier              : hostname
        Droid volume identifier         : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
        Droid file identifier           : 00000000-1111-2222-3333-444444444444
        Birth droid volume identifier   : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
        Birth droid file identifier     : 00000000-1111-2222-3333-444444444444


Liblnk was created by Joachim Metz in 2009, while working for Hoffmann Investigations.

See Also

External Links