< Back
Get-ForensicShellLink
Post
NAME Get-ForensicShellLink
SYNOPSIS
Gets infromation about Shell Link (.LNK) files on the specified volume.
SYNTAX
Get-ForensicShellLink [[-VolumeName] <String>] [<CommonParameters>]
Get-ForensicShellLink -Path <String> [<CommonParameters>]
DESCRIPTION
The Get-ForensicShellLink cmdlet parses the binary structure in the specified ShellLink (.lnk) file. If you do not
specify a file, Get-ShellLink parses all .lnk files in the specified volume.
Except as noted, the cmdlets in the PowerForensics module require the permissions of a member of the
Administrators group on the computer. To run them, start Windows PowerShell with the 'Run as administrator' option.
PARAMETERS
-VolumeName [<String>]
Specifies the name of the volume or logical partition.
Enter the volume name in one of the following formats: \\\\.\\C:, C:, or C.
Required? false
Position? 0
Default value \\\\.\\C:
Accept pipeline input? false
Accept wildcard characters? false
-Path <String>
Path to file to be parsed.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
PowerForensics.Artifacts.ShellLink
-------------------------- EXAMPLE 1 --------------------------
[ADMIN]: PS C:\\>Get-ForensicShellLink
This command parses all .lnk files on the C:\\ logical volume.
-------------------------- EXAMPLE 2 --------------------------
[ADMIN]: PS C:\\>Get-ShellLink -Path C:\\test\\PowerForensics.dll-Help.xml.lnk
Path : PowerForensics.dll-Help.xml.lnk
CreationTime : 11/6/2015 8:01:39 PM
AccessTime : 11/16/2015 2:45:45 AM
WriteTime : 11/17/2015 10:18:59 PM
FileSize : 202700
LocalBasePath : C:\\test\\PowerForensics.dll-Help.xml
CommandLineArguments :
CommonNetworkRelativeLink :
This command, which runs Get-ForensicShellLink with a single file path, gets only the corresponding
ShellLink object.
RELATED LINKS
SYNOPSIS
Gets infromation about Shell Link (.LNK) files on the specified volume.
SYNTAX
Get-ForensicShellLink [[-VolumeName] <String>] [<CommonParameters>]
Get-ForensicShellLink -Path <String> [<CommonParameters>]
DESCRIPTION
The Get-ForensicShellLink cmdlet parses the binary structure in the specified ShellLink (.lnk) file. If you do not
specify a file, Get-ShellLink parses all .lnk files in the specified volume.
Except as noted, the cmdlets in the PowerForensics module require the permissions of a member of the
Administrators group on the computer. To run them, start Windows PowerShell with the 'Run as administrator' option.
PARAMETERS
-VolumeName [<String>]
Specifies the name of the volume or logical partition.
Enter the volume name in one of the following formats: \\\\.\\C:, C:, or C.
Required? false
Position? 0
Default value \\\\.\\C:
Accept pipeline input? false
Accept wildcard characters? false
-Path <String>
Path to file to be parsed.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
PowerForensics.Artifacts.ShellLink
-------------------------- EXAMPLE 1 --------------------------
[ADMIN]: PS C:\\>Get-ForensicShellLink
This command parses all .lnk files on the C:\\ logical volume.
-------------------------- EXAMPLE 2 --------------------------
[ADMIN]: PS C:\\>Get-ShellLink -Path C:\\test\\PowerForensics.dll-Help.xml.lnk
Path : PowerForensics.dll-Help.xml.lnk
CreationTime : 11/6/2015 8:01:39 PM
AccessTime : 11/16/2015 2:45:45 AM
WriteTime : 11/17/2015 10:18:59 PM
FileSize : 202700
LocalBasePath : C:\\test\\PowerForensics.dll-Help.xml
CommandLineArguments :
CommonNetworkRelativeLink :
This command, which runs Get-ForensicShellLink with a single file path, gets only the corresponding
ShellLink object.
RELATED LINKS