Hi Harlan,

It does not support them at the moment, but if there is an interest I can try to code a solution. The tool does know where they exist, so it shouldn't be too difficult (famous last words!).  

In order to give something back to the forensic community, all of the code is now available on Google Code. Feel free to download, distribute and copy. I will keep all updated versions of SFP on Google Code from now on. If anyone would like to contribute to the project please let me know (first job is to optimise the code!)

code.google.com/p/simp...le-parser/  

nice to see another .net developer writing tools! Is the source code in the .exe file at the link you provided? all i see is the exe.

also, i noticed in the status bar it says

take taken: 0.33

when i am guessing it should be

time taken: 0.33

the prefetch parsing had some issues on win8 as well.

i would recommend against using a msgbox for each error as the end user will need to click ok possibly dozens of times. an area for status messages (like a listbox) would be better for that

id like to take a look at your code. seems like some good stuff based on the lnk results. have you compared your results with those generated by shellify? thats what i have been using for a while for lnk files  

Hi Eric, thanks for the feedback.

Yes you are correct it should read "time taken". I will test the tool on Windows 8, but I would say that it is currently not supported on that platform. I will go through and test the output with shellify, I am always looking for ways to validate the accuracy of the tool and thanks for the tip about errors I will change that.

The code has been uploaded, but it may be a little hidden from view within Google code. The source code is located here (http://code.google.com/p/simple-file-parser/source/browse/) - you can download the whole thing as a .zip file.

I have to say I'm not a .NET developer. I am an investigator primarily and you can probably tell that from the code. I would love for someone who is more knowledgable with C# help optimise the code and give suggestions. I have taken it from parsing 6000 LNK files in one minute to 16 seconds and I believe with multiple threading it could be done in around 5 seconds.

The Jump-List parser is proving more difficult than planned too, it currently only deals with a select few JL artefacts that is why there it is still in testing The INDX parser was a recent development and I've been told works very well with records in slack space and I am also looking at improving the LNK file parser to include item ID lists.

Oh - I have to mention that 1.5.1 supports drag and drop too for LNK and Prefetch artefacts - just to make things quicker and more simple to use!  

I use vb.net but I'm happy to help if you have questions.  

Thanks Eric - could you PM me your email address? Would be good to keep in contact if I have any issues.  

Thanks, great tool!!
Any plans of implementing support for other languages?

Thanks