ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "Liblnk"

From ForensicsWiki
Jump to: navigation, search
(External Links)
(One intermediate revision by the same user not shown)
Line 53: Line 53:
  
 
== See Also ==
 
== See Also ==
* [[LNK|Windows Shortcut (LNK) format]]
+
* [[LNK|Windows Shortcut File (LNK) format]]
  
 
== External Links ==
 
== External Links ==
  
 
* [http://code.google.com/p/liblnk/ Project site]
 
* [http://code.google.com/p/liblnk/ Project site]
* [http://liblnk.sourceforge.net Old project site]
 

Revision as of 18:48, 23 September 2013

liblnk
Maintainer: Joachim Metz
OS: Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows
Genre: Analysis
License: LGPL
Website: code.google.com/p/liblnk/

The liblnk package contains a library and applications to read the Windows Explorer Shortcut (LNK) format.

Tools

The liblnk package contains the following tools:

  • lnkinfo, which shows information about LNK files.

Examples

Requesting the information in a LNK file:

lnkinfo Calculator.lnk
lnkinfo 20110711

Windows Shortcut information:
        Contains a link target identifier
        Contains a description string
        Contains a working directory string
        Contains an environment variables block

Link information:
        Creation time                   : Aug 10, 2004 16:54:24.000000 UTC
        Modification time               : Aug 04, 2004 14:00:00.000000 UTC
        Access time                     : Jun 26, 2006 10:36:41.703125 UTC
        Local path                      : C:\WINDOWS\system32\calc.exe
        Description                     : @%SystemRoot%\system32\shell32.dll,-22531
        Working directory               : C:\WINDOWS\system32
        Environment variables location  : %SystemRoot%\system32\calc.exe

Distributed link tracking data:
        Machine identifier              : hostname
        Droid volume identifier         : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
        Droid file identifier           : 00000000-1111-2222-3333-444444444444
        Birth droid volume identifier   : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
        Birth droid file identifier     : 00000000-1111-2222-3333-444444444444

History

Liblnk was created by Joachim Metz in 2009, while working for Hoffmann Investigations.

See Also

External Links