Difference between revisions of "Liblnk"
From Forensics Wiki
Joachim Metz (Talk | contribs) (→Examples) |
Joachim Metz (Talk | contribs) |
||
| Line 5: | Line 5: | ||
genre = {{Analysis}} | | genre = {{Analysis}} | | ||
license = {{LGPL}} | | license = {{LGPL}} | | ||
| − | website = [http:// | + | website = [http://code.google.com/p/liblnk/ code.google.com/p/liblnk/] | |
}} | }} | ||
The '''liblnk''' package contains a library and applications to read the [[LNK|Windows Explorer Shortcut (LNK)]] format. | The '''liblnk''' package contains a library and applications to read the [[LNK|Windows Explorer Shortcut (LNK)]] format. | ||
| − | |||
| − | |||
| − | |||
| − | |||
== Tools == | == Tools == | ||
| Line 51: | Line 47: | ||
</pre> | </pre> | ||
| + | |||
| + | == History == | ||
| + | |||
| + | Liblnk was created by [[Joachim Metz]] in 2009, while working for [http://en.hoffmannbv.nl/ Hoffmann Investigations]. | ||
== External Links == | == External Links == | ||
| − | * [http://liblnk.sourceforge.net | + | * [http://code.google.com/p/liblnk/ Project site] |
| + | * [http://liblnk.sourceforge.net Old project site] | ||
Revision as of 01:36, 25 August 2012
| liblnk | |
|---|---|
| Maintainer: | Joachim Metz |
| OS: | Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows |
| Genre: | Analysis |
| License: | LGPL |
| Website: | code.google.com/p/liblnk/ |
The liblnk package contains a library and applications to read the Windows Explorer Shortcut (LNK) format.
Tools
The liblnk package contains the following tools:
- lnkinfo, which shows information about LNK files.
Examples
Requesting the information in a LNK file:
```
lnkinfo Calculator.lnk
```

```
lnkinfo 20110711

Windows Shortcut information:
    Contains a link target identifier
    Contains a description string
    Contains a working directory string
    Contains an environment variables block

Link information:
    Creation time : Aug 10, 2004 16:54:24.000000 UTC
    Modification time : Aug 04, 2004 14:00:00.000000 UTC
    Access time : Jun 26, 2006 10:36:41.703125 UTC
    Local path : C:\WINDOWS\system32\calc.exe
    Description : @%SystemRoot%\system32\shell32.dll,-22531
    Working directory : C:\WINDOWS\system32
    Environment variables location : %SystemRoot%\system32\calc.exe

Distributed link tracking data:
    Machine identifier : hostname
    Droid volume identifier : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
    Droid file identifier : 00000000-1111-2222-3333-444444444444
    Birth droid volume identifier : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
    Birth droid file identifier : 00000000-1111-2222-3333-444444444444
```
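Added example (not part of liblnk or of the original page): post-processing the lnkinfo text output shown above for triage, by parsing its sections into a dictionary, converting the timestamps to UTC datetimes and comparing the droid identifiers with the birth droid identifiers. The function names and the embedded sample, an abbreviated copy of the output above, are this example's own.

```python
import re
from datetime import datetime, timezone

FIELD = re.compile(r"^(.+?)\s+:\s*(.*)$")      # "name <whitespace>: value"
TIME_FMT = "%b %d, %Y %H:%M:%S.%f UTC"         # timestamp form used in the output above
# Constructed sample: the lnkinfo output printed on this page, abbreviated.
SAMPLE = r"""lnkinfo 20110711
Windows Shortcut information:
Contains a link target identifier
Link information:
Creation time : Aug 10, 2004 16:54:24.000000 UTC
Modification time : Aug 04, 2004 14:00:00.000000 UTC
Local path : C:\WINDOWS\system32\calc.exe
Distributed link tracking data:
Droid volume identifier : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
Droid file identifier : 00000000-1111-2222-3333-444444444444
Birth droid volume identifier : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
Birth droid file identifier : 00000000-1111-2222-3333-444444444444
"""

def parse_lnkinfo(text):
    """Return {section: {field: value}}; value-less lines go in '_flags'."""
    report, section = {}, None
    for line in map(str.strip, text.splitlines()):
        field = FIELD.match(line)
        if field and section is not None:
            section[field.group(1)] = field.group(2)
        elif line.endswith(":"):                 # section header
            section = report.setdefault(line[:-1], {"_flags": []})
        elif line and section is not None:       # banner before first section is skipped
            section["_flags"].append(line)
    return report

def to_utc(value):
    try:
        return datetime.strptime(value, TIME_FMT).replace(tzinfo=timezone.utc)
    except ValueError:                           # text not in the timestamp form
        return None

def summarize(report):
    link = report.get("Link information", {})
    track = report.get("Distributed link tracking data", {})
    times = {k: to_utc(v) for k, v in link.items() if k.endswith(" time")}
    created, modified = times.get("Creation time"), times.get("Modification time")
    differs = any(track.get(f"Droid {p} identifier") != track.get(f"Birth droid {p} identifier")
                  for p in ("volume", "file"))
    # Creation later than modification is often seen on copied or installed files.
    return {"target": link.get("Local path"), "times": times, "droid_differs_from_birth": differs,
            "created_after_modified": bool(created and modified and created > modified)}
```
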
History
Liblnk was created by Joachim Metz in 2009, while working for Hoffmann Investigations.