Change winlnk parser to not generate distributed_link_tracking event data for duplicate identifier

log2timeline / plaso

Super timeline all the things

https://plaso.readthedocs.io

Apache License 2.0

1.66k stars 327 forks source link

Closed joachimmetz closed 4 months ago

joachimmetz commented 4 months ago

    if (lnk_file.birth_droid_file_identifier and
        lnk_file.birth_droid_file_identifier != lnk_file.droid_file_identifier):