The EnCase "Case Processor" EnScript includes a Link File Parser module that work fine, but does not produce a very efficient report. For example, if you want to quickly see all the LNK files that refer to object on removable media, you have to read through all the entries to find one that may be on a removable device. Also, there is no way to sort the data by the timestamps contained in the LNK file to build a timeline.
I wrote this EnScript several months ago for a specific need I had back then, but never had a chance to post it.
This EnScript requires Microsoft Excel be installed and it will parse all the LNK files in the case (no need to select). The data will be sent to Excel and a spreadsheet will automatically open, displaying the data. You can then easily sort on any field and quickly see the properties of each Link file.
Download Here
轉自ForensicKB
I wrote this EnScript several months ago for a specific need I had back then, but never had a chance to post it.
This EnScript requires Microsoft Excel be installed and it will parse all the LNK files in the case (no need to select). The data will be sent to Excel and a spreadsheet will automatically open, displaying the data. You can then easily sort on any field and quickly see the properties of each Link file.
Download Here
轉自ForensicKB
0 意見: