ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "Liblnk"

From ForensicsWiki
Jump to: navigation, search
(3 intermediate revisions by the same user not shown)
Line 5: Line 5:
 
   genre = {{Analysis}} |
 
   genre = {{Analysis}} |
 
   license = {{LGPL}} |
 
   license = {{LGPL}} |
   website = [http://liblnk.sourceforge.net liblnk.sourceforge.net] |
+
   website = [http://code.google.com/p/liblnk/ code.google.com/p/liblnk/] |
 
}}
 
}}
  
 
The '''liblnk''' package contains a library and applications to read the [[LNK|Windows Explorer Shortcut (LNK)]] format.
 
The '''liblnk''' package contains a library and applications to read the [[LNK|Windows Explorer Shortcut (LNK)]] format.
 
== History ==
 
 
Liblnk was created by [[Joachim Metz]] in 2009, while working for [http://en.hoffmannbv.nl/ Hoffmann Investigations].
 
  
 
== Tools ==  
 
== Tools ==  
Line 20: Line 16:
 
== Examples ==  
 
== Examples ==  
  
 +
Requesting the information in a LNK file:
 
<pre>
 
<pre>
 
lnkinfo Calculator.lnk
 
lnkinfo Calculator.lnk
Line 50: Line 47:
  
 
</pre>
 
</pre>
 +
 +
== History ==
 +
 +
Liblnk was created by [[Joachim Metz]] in 2009, while working for [http://en.hoffmannbv.nl/ Hoffmann Investigations].
 +
 +
== See Also ==
 +
* [[LNK|Windows Shortcut File (LNK) format]]
  
 
== External Links ==
 
== External Links ==
  
* [http://liblnk.sourceforge.net liblnk project site]
+
* [http://code.google.com/p/liblnk/ Project site]
 +
* [http://liblnk.sourceforge.net Old project site]

Revision as of 06:39, 25 August 2012

liblnk
Maintainer: Joachim Metz
OS: Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows
Genre: Analysis
License: LGPL
Website: code.google.com/p/liblnk/

The liblnk package contains a library and applications to read the Windows Explorer Shortcut (LNK) format.

Tools

The liblnk package contains the following tools:

  • lnkinfo, which shows information about LNK files.

Examples

Requesting the information in a LNK file:

lnkinfo Calculator.lnk
lnkinfo 20110711

Windows Shortcut information:
        Contains a link target identifier
        Contains a description string
        Contains a working directory string
        Contains an environment variables block

Link information:
        Creation time                   : Aug 10, 2004 16:54:24.000000 UTC
        Modification time               : Aug 04, 2004 14:00:00.000000 UTC
        Access time                     : Jun 26, 2006 10:36:41.703125 UTC
        Local path                      : C:\WINDOWS\system32\calc.exe
        Description                     : @%SystemRoot%\system32\shell32.dll,-22531
        Working directory               : C:\WINDOWS\system32
        Environment variables location  : %SystemRoot%\system32\calc.exe

Distributed link tracking data:
        Machine identifier              : hostname
        Droid volume identifier         : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
        Droid file identifier           : 00000000-1111-2222-3333-444444444444
        Birth droid volume identifier   : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
        Birth droid file identifier     : 00000000-1111-2222-3333-444444444444

History

Liblnk was created by Joachim Metz in 2009, while working for Hoffmann Investigations.

See Also

External Links