Crate lnk_forensic

lnk-forensic — graded anomaly auditor over Windows Shell Link (.lnk) files.

Consumes a lnk_core::ShellLink and emits forensicnomicon::report::Findings. Every anomaly is an observation (“consistent with …”); the examiner draws the conclusions. MITRE techniques are narrated as consistency, never as a verdict.

Enums

JumpListAnomaly: A graded Jump List anomaly, layered on top of the per-link LnkAnomaly findings (each shell link embedded in the Jump List is itself run through audit, so those per-link findings come for free).
LnkAnomaly: A graded Shell Link anomaly.

Functions

audit: Audit a ShellLink into a typed LnkAnomaly stream.
audit_findings: Audit a ShellLink and convert the result directly to graded Findings.
audit_jumplist: Audit a JumpList into graded Findings.
source: The Source stamp for findings this analyzer emits.