LNK file analysis with Link Parser
Link Parser is another free tool that digital forensic examiners can use to analyze Microsoft Shell Link (LNK) files. It is developed by 4Discovery, and can parse a single LNK file, multiple selected files, or every LNK file found recursively in a folder or mounted forensic image.
Getting ready
Go to the Link Parser page on 4Discovery's website (you can find the link in the See Also section), and download an archive with the tool - at the time of writing the most recent version is 1.3. Unpack the archive, and you are ready to go.
How to do it...
Start LinkParser.exe, click on the folder icon, and choose a folder with the LNK files you want the tool to parse. In our case, it's C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Recent - this folder contains recently used items; we exported it from a forensic image using FTK Imager. Link Parser has extracted data from 204 LNK files, as seen in the following figure:

Figure 7.20. Link Parser output
Link Parser extracts a huge...
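To cross-check a tool's output for a few files by hand, the fixed 76-byte ShellLinkHeader defined in the MS-SHLLINK specification can be decoded directly. The following Python sketch is an added example, not Link Parser's code or part of the original recipe; the function names and the sample header are constructed for illustration, and it reads only the header, not the later LNK structures.

```python
import struct
from datetime import datetime, timedelta, timezone
from pathlib import Path

# ShellLinkHeader per MS-SHLLINK: fixed 76 bytes, little-endian.
HEADER = struct.Struct("<I16sIIQQQIiIHHII")
# LinkCLSID 00021401-0000-0000-C000-000000000046 as stored on disk.
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_utc(ft):
    """FILETIME = 100 ns ticks since 1601-01-01 UTC; 0 means 'not set'."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10) if ft else None

def parse_lnk_header(data):
    """Return the header fields of one LNK file, or raise ValueError."""
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    (size, clsid, flags, attrs, ctime, atime, wtime,
     fsize, _icon, _show, _hotkey, _r1, _r2, _r3) = HEADER.unpack_from(data)
    if size != 0x4C or clsid != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    # The three timestamps and the size describe the link *target*,
    # as recorded when the LNK file was last written.
    return {
        "link_flags": flags,
        "file_attributes": attrs,
        "target_created": filetime_to_utc(ctime),
        "target_accessed": filetime_to_utc(atime),
        "target_modified": filetime_to_utc(wtime),
        "target_size": fsize,
    }

def parse_folder(root):
    """Recursively parse every *.lnk under root; record errors per file."""
    results = {}
    for path in sorted(Path(root).rglob("*.lnk")):
        try:
            results[path.name] = parse_lnk_header(path.read_bytes())
        except (ValueError, OSError) as exc:
            results[path.name] = {"error": str(exc)}
    return results

def build_sample_header():
    """Constructed sample header (not taken from a real case)."""
    ft = 132223104000000000  # 2020-01-01 00:00:00 UTC as FILETIME
    return HEADER.pack(0x4C, LINK_CLSID, 0x9B, 0x20, ft, ft, 0, 1024,
                       0, 1, 0, 0, 0, 0)

if __name__ == "__main__":
    print(parse_lnk_header(build_sample_header()))
```

Run parse_folder against a copy of the exported Recent folder rather than the evidence itself, and compare the timestamps with the tool's columns for the same files.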