LNK Parsed

Overview

Evidence: Parse LNK Files Description: Parse LNK Files Category: System Platform: windows Short Name: lnks Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

Parsing Windows shortcut (.lnk) files reveals target paths, timestamps, and execution parameters. This data is essential for confirming program launches and file access.

Data Collected

This collector gathers structured data about parse lnk files.

Collection Method

This collector walks common paths, parses .lnk files using a structured parser, and records target metadata and LNK metadata into lnk_files.

Forensic Value

This evidence is crucial for forensic investigations as .lnk contents provide strong traces of user actions and program execution.