Incident Response with EZTools - Document Creation and File Opening Evidence Acquisition

LECmd is bundled with EZTools. This tool is used to parse .lnk files.

LNK files are typically created automatically by the Windows OS whenever a user opens a file. The operating system uses them to provide quick access to that file.

From an incident response perspective, the responder must have the ability and skill to quickly triage back to patient zero and identify the cause, or the action performed, before the incident was detected.

During an incident, a file such as a text file or a document might be opened. To acquire the resulting artifacts as evidence, responders need the right knowledge and tools.
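To show what parsing a .lnk file involves, here is an added example (not from the original post and not LECmd's own code): a minimal Python reader for the fixed 76-byte header at the start of every .lnk file, which carries the target file's timestamps and size. The function names and the sample header are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# Fixed values of the Shell Link (.lnk) header layout
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HEADER = struct.Struct("<I16sIIQQQIiIHHII")  # 76 bytes, little-endian
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
FLAGS = {0x01: "HasLinkTargetIDList", 0x02: "HasLinkInfo", 0x04: "HasName",
         0x08: "HasRelativePath", 0x10: "HasWorkingDir", 0x20: "HasArguments",
         0x40: "HasIconLocation", 0x80: "IsUnicode"}

def filetime_to_dt(ft):
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC; 0 means 'not set'."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10) if ft else None

def dt_to_filetime(dt):
    """Inverse conversion, used only to build the sample below."""
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000

def parse_lnk_header(data):
    """Validate the header and return the target file's metadata."""
    if len(data) < HEADER.size:
        raise ValueError("truncated: shorter than the 76-byte header")
    (size, clsid, flags, attrs, ctime, atime, wtime, fsize,
     _icon, _show, _hotkey, _r1, _r2, _r3) = HEADER.unpack_from(data)
    if size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a shell link: bad header size or CLSID")
    return {
        "flags": [name for bit, name in FLAGS.items() if flags & bit],
        "target_attributes": hex(attrs),
        "target_created": filetime_to_dt(ctime),
        "target_accessed": filetime_to_dt(atime),
        "target_modified": filetime_to_dt(wtime),
        "target_size": fsize,
    }

def build_sample():
    """Constructed header for illustration; not taken from a real system."""
    t = lambda *a: dt_to_filetime(datetime(*a, tzinfo=timezone.utc))
    return HEADER.pack(0x4C, LNK_CLSID, 0x83, 0x20,
                       t(2024, 3, 1, 9, 15, 0), t(2024, 3, 4, 14, 2, 30),
                       t(2024, 3, 4, 14, 2, 30), 20480, 0, 1, 0, 0, 0, 0)

if __name__ == "__main__":
    for key, value in parse_lnk_header(build_sample()).items():
        print(f"{key}: {value}")
```

The timestamps in the header describe the target file as it was when the shortcut was last updated, so they are read alongside the .lnk file's own file-system timestamps when building a timeline.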

LNK Files and Jump Lists

.LNK Files - Part 1

.LNK Files - Part 2