Difference between revisions of "Liblnk"
From Forensics Wiki
Joachim Metz (Talk | contribs) |
Joachim Metz (Talk | contribs) (→Examples) |
Revision as of 13:59, 11 July 2011
| liblnk | |
|---|---|
| Maintainer: | Joachim Metz |
| OS: | Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows |
| Genre: | Analysis |
| License: | LGPL |
| Website: | liblnk.sourceforge.net |
The liblnk package contains a library and applications to read the Windows Explorer Shortcut (LNK) format.
History
Liblnk was created by Joachim Metz in 2009, while working for Hoffmann Investigations.
Tools
The liblnk package contains the following tools:
- lnkinfo, which shows information about LNK files.
Examples
Requesting the information in a LNK file:
```
lnkinfo Calculator.lnk

lnkinfo 20110711

Windows Shortcut information:
	Contains a link target identifier
	Contains a description string
	Contains a working directory string
	Contains an environment variables block

Link information:
	Creation time : Aug 10, 2004 16:54:24.000000 UTC
	Modification time : Aug 04, 2004 14:00:00.000000 UTC
	Access time : Jun 26, 2006 10:36:41.703125 UTC
	Local path : C:\WINDOWS\system32\calc.exe
	Description : @%SystemRoot%\system32\shell32.dll,-22531
	Working directory : C:\WINDOWS\system32
	Environment variables location : %SystemRoot%\system32\calc.exe

Distributed link tracking data:
	Machine identifier : hostname
	Droid volume identifier : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
	Droid file identifier : 00000000-1111-2222-3333-444444444444
	Birth droid volume identifier : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
	Birth droid file identifier : 00000000-1111-2222-3333-444444444444
```
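
The "Contains a ..." lines and the three timestamps in the output above are stored in the fixed 76-byte header at the start of a LNK file. The following Python is an added example, not code from liblnk or from the original page; it parses that header using the public MS-SHLLINK layout. The sample bytes are constructed from the timestamps shown above, and the pairing of flag names with lnkinfo's wording is an assumption.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
# Subset of the LinkFlags bits defined in MS-SHLLINK.
FLAGS = {
    0x001: "HasLinkTargetIDList",  # assumed: "link target identifier"
    0x002: "HasLinkInfo",
    0x004: "HasName",              # assumed: "description string"
    0x010: "HasWorkingDir",        # assumed: "working directory string"
    0x080: "IsUnicode",
    0x200: "HasExpString",         # assumed: "environment variables block"
}

def filetime_to_dt(ft):
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC; 0 means not set."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10) if ft else None

def dt_to_filetime(dt):
    """Inverse of filetime_to_dt, used only to build the sample below."""
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10

def parse_lnk_header(data):
    """Parse the ShellLinkHeader; raise ValueError if data is not a LNK file."""
    if len(data) < 76:
        raise ValueError("truncated: the header is 76 bytes")
    size, clsid, flags, _attrs, ctime, atime, mtime = struct.unpack_from(
        "<I16sIIQQQ", data, 0)
    if size != 0x4C or uuid.UUID(bytes_le=clsid) != LNK_CLSID:
        raise ValueError("bad header size or class identifier")
    return {
        "flags": [name for bit, name in FLAGS.items() if flags & bit],
        "creation": filetime_to_dt(ctime),
        "access": filetime_to_dt(atime),      # on disk, access precedes write
        "modification": filetime_to_dt(mtime),
    }

# Constructed sample header (not a real file), using the times shown above.
SAMPLE = struct.pack(
    "<I16sIIQQQ", 0x4C, LNK_CLSID.bytes_le, 0x001 | 0x004 | 0x010 | 0x200, 0x20,
    dt_to_filetime(datetime(2004, 8, 10, 16, 54, 24, tzinfo=timezone.utc)),
    dt_to_filetime(datetime(2006, 6, 26, 10, 36, 41, 703125, tzinfo=timezone.utc)),
    dt_to_filetime(datetime(2004, 8, 4, 14, 0, 0, tzinfo=timezone.utc)),
).ljust(76, b"\0")

if __name__ == "__main__":
    for key, value in parse_lnk_header(SAMPLE).items():
        print(f"{key:13}: {value}")
```

The header stores the access time before the modification time, so a parser that reads the three values in display order will swap them.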