Difference between revisions of "Liblnk"

From Forensics Wiki
Jump to: navigation, search
(Created page with "{{Infobox_Software | name = liblnk | maintainer = Joachim Metz | os = Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows | genre = {{Analysis}...")
 
 
(4 intermediate revisions by one user not shown)
Line 5: Line 5:
 
   genre = {{Analysis}} |
 
   genre = {{Analysis}} |
 
   license = {{LGPL}} |
 
   license = {{LGPL}} |
   website = [http://liblnk.sourceforge.net liblnk.sourceforge.net] |
+
   website = [http://code.google.com/p/liblnk/ code.google.com/p/liblnk/] |
 
}}
 
}}
  
 
The '''liblnk''' package contains a library and applications to read the [[LNK|Windows Explorer Shortcut (LNK)]] format.
 
The '''liblnk''' package contains a library and applications to read the [[LNK|Windows Explorer Shortcut (LNK)]] format.
 +
 +
== Tools ==
 +
The '''liblnk''' package contains the following tools:
 +
* '''lnkinfo''', which shows information about LNK files.
 +
 +
== Examples ==
 +
 +
Requesting the information in a LNK file:
 +
<pre>
 +
lnkinfo Calculator.lnk
 +
</pre>
 +
 +
<pre>
 +
lnkinfo 20110711
 +
 +
Windows Shortcut information:
 +
        Contains a link target identifier
 +
        Contains a description string
 +
        Contains a working directory string
 +
        Contains an environment variables block
 +
 +
Link information:
 +
        Creation time                  : Aug 10, 2004 16:54:24.000000 UTC
 +
        Modification time              : Aug 04, 2004 14:00:00.000000 UTC
 +
        Access time                    : Jun 26, 2006 10:36:41.703125 UTC
 +
        Local path                      : C:\WINDOWS\system32\calc.exe
 +
        Description                    : @%SystemRoot%\system32\shell32.dll,-22531
 +
        Working directory              : C:\WINDOWS\system32
 +
        Environment variables location  : %SystemRoot%\system32\calc.exe
 +
 +
Distributed link tracking data:
 +
        Machine identifier              : hostname
 +
        Droid volume identifier        : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
 +
        Droid file identifier          : 00000000-1111-2222-3333-444444444444
 +
        Birth droid volume identifier  : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
 +
        Birth droid file identifier    : 00000000-1111-2222-3333-444444444444
 +
 +
</pre>
  
 
== History ==  
 
== History ==  
Line 14: Line 52:
 
Liblnk was created by [[Joachim Metz]] in 2009, while working for [http://en.hoffmannbv.nl/ Hoffmann Investigations].
 
Liblnk was created by [[Joachim Metz]] in 2009, while working for [http://en.hoffmannbv.nl/ Hoffmann Investigations].
  
== Tools ==  
+
== See Also ==
The '''liblnk''' package contains the following tools:
+
* [[LNK|Windows Shortcut File (LNK) format]]
* '''lnkinfo''', which shows information about LNK files.
+
  
 
== External Links ==
 
== External Links ==
  
* [http://liblnk.sourceforge.net liblnk project site]
+
* [http://code.google.com/p/liblnk/ Project site]
 +
* [http://liblnk.sourceforge.net Old project site]

Latest revision as of 01:39, 25 August 2012

liblnk
Maintainer: Joachim Metz
OS: Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows
Genre: Analysis
License: LGPL
Website: code.google.com/p/liblnk/

The liblnk package contains a library and applications to read the Windows Explorer Shortcut (LNK) format.

Contents

[edit] Tools

The liblnk package contains the following tools:

  • lnkinfo, which shows information about LNK files.

[edit] Examples

Requesting the information in a LNK file: 

lnkinfo Calculator.lnk

lnkinfo 20110711

Windows Shortcut information:
        Contains a link target identifier
        Contains a description string
        Contains a working directory string
        Contains an environment variables block

Link information:
        Creation time                   : Aug 10, 2004 16:54:24.000000 UTC
        Modification time               : Aug 04, 2004 14:00:00.000000 UTC
        Access time                     : Jun 26, 2006 10:36:41.703125 UTC
        Local path                      : C:\WINDOWS\system32\calc.exe
        Description                     : @%SystemRoot%\system32\shell32.dll,-22531
        Working directory               : C:\WINDOWS\system32
        Environment variables location  : %SystemRoot%\system32\calc.exe

Distributed link tracking data:
        Machine identifier              : hostname
        Droid volume identifier         : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
        Droid file identifier           : 00000000-1111-2222-3333-444444444444
        Birth droid volume identifier   : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
        Birth droid file identifier     : 00000000-1111-2222-3333-444444444444

[edit] History

Liblnk was created by Joachim Metz in 2009, while working for Hoffmann Investigations.

[edit] See Also

[edit] External Links

Retrieved from "http://www.forensicswiki.org/w/index.php?title=Liblnk&oldid=10664"
Personal tools
Namespaces

Variants
Actions
Navigation:
About forensicswiki.org:
Toolbox