As a continuation of the "Introduction to Windows Forensics" series, this video introduces the ubiquitous LNK, or "link", file, as well as a lesser-known Windows feature called Jump Lists.
Both of these artifacts provide us with numerous items of forensic interest. We'll first take a look at the basic information you need to know in order to parse these artifacts. Then, we'll take a look inside an LNK file, and use ExifTool and Lnk Explorer to extract items of evidentiary value. Lastly, we'll look at Jump Lists, and use JumpList Explorer to explore the contents of those files.
Introduction to Windows Forensics:
• Introduction to Windows Forensics
LNK Files:
http://forensicswiki.org/wiki/LNK
Forensic Analysis of LNK files:
https://www.magnetforensics.com/compu...
Jump Lists:
http://forensicswiki.org/wiki/Jump_Lists
4n6k Jump List AppID Master List:
https://github.com/4n6k/Jump_List_App...
ExifTool:
https://www.sno.phy.queensu.ca/~phil/...
Lnk Explorer:
https://ericzimmerman.github.io/
JumpList Explorer:
https://ericzimmerman.github.io/
** Additional Tools Referenced in This Video **
Lnkanalyser:
http://www.woanware.co.uk/forensics/l...
Windows LNK Parsing Utility:
https://tzworks.net/prototype_page.ph...
Internet Evidence Finder (IEF):
https://www.magnetforensics.com/magne...
JumpLister:
http://www.woanware.co.uk/forensics/j...
JumpListsView:
https://www.nirsoft.net/utils/jump_li...
Windows Jump List Parser:
https://tzworks.net/prototype_page.ph...
The video "LNK Files and Jump Lists" was added by user 13Cubed on 06 November 2017.