Collect LNK Files

Overview

Evidence: Collect LNK Files Description: Collect LNK Files Category: System Platform: windows Short Name: lnkscol Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): Yes

Background

Windows shortcut (.lnk) files record metadata about target files and execution. This data is essential for identifying file launches and user activity.

Data Collected

This collector gathers structured data about collect lnk files.

Collection Method

This collector searches common paths for .lnk files across drives, copies them, and records file timestamps into lnk_collected_files.

Forensic Value

This evidence is crucial for forensic investigations as .lnk artifacts can reveal execution paths and accessed files even if originals are deleted.