Hi All,

I'm currently writing a tool for the parsing of common Windows artefacts and I would like to share it with the forensic community. This tool is called the Simple File Parser (SFP) and it currently supports the parsing of link and prefetch files and allows the user to easily export the information to CSV format for a more detailed analysis.

To take a look at the program or to download it yourself, please visit the tool's blog page: simplefileparser.blogspot.co.uk/. You will need .NET 4 installed before running this program.

I will take on-board any comments, or if you find any bugs please let me know.

Chris.  

Version 1.3 has been released and has initial support for Windows 7 jump-lists.  

Thanks for this great tool.


Thierry  

Thanks Thierry, I have plans to improve the jump-list support and to make it multi-threaded for performance (once I've worked out how to thread in C# that is!).  

Version 1.4 has now been released with more robust support for jump-list artefacts, improved GUI and speed, multithreaded goodness and multiple time-zone support. Download at www.simplefileparser.blogspot.com.

As ever, please let me have your comments and suggestions for future releases.  

Version 1.5 now has support for the parsing of INDX Attributes ($I30 files).

Let me know if you have any issues.  

Does the LNK parser support parsing the shell item ID lists?