LNK Files and Jump Lists

Published: 06 November 2017
on channel: 13Cubed

As a continuation of the "Introduction to Windows Forensics" series, this video introduces the ubiquitous LNK, or "link", file, as well as a lesser-known Windows feature called Jump Lists.

Both of these artifacts provide us with numerous items of forensic interest. We'll first take a look at the basic information you need to know in order to parse these artifacts. Then, we'll take a look inside an LNK file, and use ExifTool and Lnk Explorer to extract items of evidentiary value. Lastly, we'll look at Jump Lists, and use JumpList Explorer to explore the contents of those files.

** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. **

Introduction to Windows Forensics:
   • Introduction to Windows Forensics  

LNK Files:
http://forensicswiki.org/wiki/LNK

Forensic Analysis of LNK files:
https://www.magnetforensics.com/compu...

Jump Lists:
http://forensicswiki.org/wiki/Jump_Lists

4n6k Jump List AppID Master List:
https://github.com/4n6k/Jump_List_App...

ExifTool:
https://www.sno.phy.queensu.ca/~phil/...

Lnk Explorer:
https://ericzimmerman.github.io/

JumpList Explorer:
https://ericzimmerman.github.io/

** Additional Tools Referenced in This Video **

Lnkanalyser:
http://www.woanware.co.uk/forensics/l...

Windows LNK Parsing Utility:
https://tzworks.net/prototype_page.ph...

Internet Evidence Finder (IEF):
https://www.magnetforensics.com/magne...

JumpLister:
http://www.woanware.co.uk/forensics/j...

JumpListsView:
https://www.nirsoft.net/utils/jump_li...

Windows Jump List Parser:
https://tzworks.net/prototype_page.ph...

#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics

