Difference between pages "Liblnk" and "Header"

From ForensicsWiki
(Difference between pages)
(External Links)
 
(Place holder for now. Will properly create a page soon!)
 
Line 1: Line 1:
{{Infobox_Software |
+
For now, see "File Signatures" here - http://en.wikipedia.org/wiki/List_of_file_signatures
  name = liblnk |
+
  maintainer = [[Joachim Metz]] |
+
  os = [[Linux]], [[FreeBSD]], [[NetBSD]], [[OpenBSD]], [[Mac OS X]], [[Windows]] |
+
  genre = {{Analysis}} |
+
  license = {{LGPL}} |
+
  website = [http://code.google.com/p/liblnk/ code.google.com/p/liblnk/] |
+
}}
+
 
+
The '''liblnk''' package contains a library and applications to read the [[LNK|Windows Explorer Shortcut (LNK)]] format.
+
 
+
== Tools ==
+
The '''liblnk''' package contains the following tools:
+
* '''lnkinfo''', which shows information about LNK files.
+
 
+
== Examples ==
+
 
+
Requesting the information in a LNK file:
+
<pre>
+
lnkinfo Calculator.lnk
+
</pre>
+
 
+
<pre>
+
lnkinfo 20110711
+
 
+
Windows Shortcut information:
+
        Contains a link target identifier
+
        Contains a description string
+
        Contains a working directory string
+
        Contains an environment variables block
+
 
+
Link information:
+
        Creation time                  : Aug 10, 2004 16:54:24.000000 UTC
+
        Modification time              : Aug 04, 2004 14:00:00.000000 UTC
+
        Access time                    : Jun 26, 2006 10:36:41.703125 UTC
+
        Local path                      : C:\WINDOWS\system32\calc.exe
+
        Description                    : @%SystemRoot%\system32\shell32.dll,-22531
+
        Working directory              : C:\WINDOWS\system32
+
        Environment variables location  : %SystemRoot%\system32\calc.exe
+
 
+
Distributed link tracking data:
+
        Machine identifier              : hostname
+
        Droid volume identifier        : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
+
        Droid file identifier          : 00000000-1111-2222-3333-444444444444
+
        Birth droid volume identifier  : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
+
        Birth droid file identifier    : 00000000-1111-2222-3333-444444444444
+
 
+
</pre>
+
 
+
== History ==
+
 
+
Liblnk was created by [[Joachim Metz]] in 2009, while working for [http://en.hoffmannbv.nl/ Hoffmann Investigations].
+
 
+
== See Also ==
+
* [[LNK|Windows Shortcut File (LNK) format]]
+
 
+
== External Links ==
+
 
+
* [http://code.google.com/p/liblnk/ Project site]
+
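Review bot: the only text on the Header side, 'For now, see "File Signatures" here - http://en.wikipedia.org/wiki/List_of_file_signatures', is a bare URL behind a "here -" lead-in, and the page never says what "Header" covers. Suggest the bracketed external-link form that the Liblnk text uses for its website and project-site links, plus one sentence defining the term, so the placeholder is more than an off-site pointer.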

Revision as of 05:14, 24 September 2013

For now, see "File Signatures" here - http://en.wikipedia.org/wiki/List_of_file_signatures