Forensic Analysis Of LNK Files With Belkasoft Evidence Center

In this article, the Belkasoft Team explains what LNK files are and why they are important, where one can find them, and how to analyze them with Belkasoft Evidence Center.LNK files (labels or Windows shortcut files) are typically files which are created by the Windows OS automatically, whenever a user opens their files. These files are used by the operating system to secure quick access to a certain file. In addition, some of these files can be created by users themselves to make their activities easier.

Fig.1. Windows Desktop Shortcuts

Location
Normally, most of LNK-files are located on the following paths:

– For Windows 7 to 10: C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent
– For Windows XP: C:\Documents and Settings\%USERNAME%\Recent

However, there many other places where investigators can find LNK files:

Read more


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


Leave a Comment