As a continuation of the "Introduction to Windows Forensics" series, this video introduces the ubiquitous LNK, or "link", file, as well as a lesser-known Windows feature called Jump Lists.
Both of these artifacts provide us with numerous items of forensic interest. We'll first take a look at the basic information you need to know in order to parse these artifacts. Then, we'll take a look inside an LNK file, and use ExifTool and Lnk Explorer to extract items of evidentiary value. Lastly, we'll look at Jump Lists, and use JumpList Explorer to explore the contents of those files.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
Introduction to Windows Forensics:
https://www.youtube.com/watch?v=VYROU-ZwZX8
LNK Files:
http://forensicswiki.org/wiki/LNK
Forensic Analysis of LNK files:
https://www.magnetforensics.com/computer-forensics/forensic-analysis-of-lnk-files/
Jump Lists:
http://forensicswiki.org/wiki/Jump_Lists
4n6k Jump List AppID Master List:
https://github.com/4n6k/Jump_List_AppIDs/blob/master/4n6k_AppID_Master_List.md
ExifTool:
https://www.sno.phy.queensu.ca/~phil/exiftool
Lnk Explorer:
https://ericzimmerman.github.io/
JumpList Explorer:
https://ericzimmerman.github.io/
*** Additional Tools Referenced in This Video ***
Lnkanalyser:
http://www.woanware.co.uk/forensics/lnkanalyser.html
Windows LNK Parsing Utility:
https://tzworks.net/prototype_page.php?proto_id=11
Internet Evidence Finder (IEF):
https://www.magnetforensics.com/magnet-ief
JumpLister:
http://www.woanware.co.uk/forensics/jumplister.html
JumpListsView:
https://www.nirsoft.net/utils/jump_lists_view.html
Windows Jump List Parser:
https://tzworks.net/prototype_page.php?proto_id=20