Link Parser – Parse Microsoft Shell Link (.lnk) Files

0
0

Microsoft LNK files are shortcut that link to an application or user files and they may contain an important artifact during a forensic analyses. windows operating system will generate an LNK file when a user will open a local or a remote file on a system. this mean that even if the file or application in subject do not exist on the system the incident handler may find these shortcut files that will include valuable evidence around the attack. If you are looking to investigate .lnk files you can check Link Parser.

Link Parser will allow you to import LNK files information from a folder and display all required information that include original file path , date of the file access, date of the file modification, file creation date, file hash MD5, user network details such as the MAC address where the linked file is stored, serial number and much more.

Link Parser - Parse Microsoft Shell Link (.lnk) Files

Link Parser – Parse Microsoft Shell Link (.lnk) Files

Current version for Link Parser is 1.3 and features for this tool include the following:

  • Parses a single item, multiple selected items, or recursively over a folder or mounted forensic image
  • Multi-Select individual files
  • Exports to CSV for easy analysis
  • GUI supports Date/Time sorting
  • Over 30 attributes extracted

Depending on the operating system version in use. User will just need to select the required folder and import the files to the tool next generate the CSV report.

You can read more and download this tool over here: http://www.4discovery.com/our-tools/

Share