Difference between revisions of "Liblnk"

Revision as of 13:58, 11 July 2011

liblnk
Maintainer:	Joachim Metz
OS:	Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows
Genre:	Analysis
License:	LGPL
Website:	liblnk.sourceforge.net

The liblnk package contains a library and applications to read the Windows Explorer Shortcut (LNK) format.

History

Liblnk was created by Joachim Metz in 2009, while working for Hoffmann Investigations.

Tools

The liblnk package contains the following tools:

lnkinfo, which shows information about LNK files.

Examples

lnkinfo Calculator.lnk

lnkinfo 20110711

Windows Shortcut information:
        Contains a link target identifier
        Contains a description string
        Contains a working directory string
        Contains an environment variables block

Link information:
        Creation time                   : Aug 10, 2004 16:54:24.000000 UTC
        Modification time               : Aug 04, 2004 14:00:00.000000 UTC
        Access time                     : Jun 26, 2006 10:36:41.703125 UTC
        Local path                      : C:\WINDOWS\system32\calc.exe
        Description                     : @%SystemRoot%\system32\shell32.dll,-22531
        Working directory               : C:\WINDOWS\system32
        Environment variables location  : %SystemRoot%\system32\calc.exe

Distributed link tracking data:
        Machine identifier              : hostname
        Droid volume identifier         : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
        Droid file identifier           : 00000000-1111-2222-3333-444444444444
        Birth droid volume identifier   : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
        Birth droid file identifier     : 00000000-1111-2222-3333-444444444444

External Links

liblnk project site

Difference between revisions of "Liblnk"

Revision as of 13:58, 11 July 2011

Contents

History

Tools

Examples

External Links

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation:

About forensicswiki.org:

Toolbox