Evidence: Collect LNK Files
Description: Collect LNK Files
Category: System
Platform: windows
Short Name: lnkscol
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): Yes
Background
Windows shortcut (.lnk) files record metadata about target files and execution. This data is essential for identifying file launches and user activity.
Data Collected
This collector gathers structured data about collect lnk files.
Collection Method
This collector searches common paths for .lnk files across drives, copies them, and records file timestamps into lnk_collected_files.
Forensic Value
This evidence is crucial for forensic investigations as .lnk artifacts can reveal execution paths and accessed files even if originals are deleted.
