I access a files which name is "abc.doc", no doubt a lnk file "abc.doc.lnk" shows up. Few minutes or hours later I access "abc.doc" again, what will happen then? "abc.doc.lnk" still or another lnk file "abc.doc (2).lnk" show up???

Yesterday I analyzed artifacts of an evidence which operating system is Windows XP SP3. When I took a look at "Recent folders", some lnk files look strange. Under what circumstances could so many same lnk files show up as below? You guys could take a look at the timestamps of file that those lnk files pointing to. The same CreationDate and these lnk files do point to the same file "其它各類所得.xlsx".

I'd appreciate your providing any information you have. Thanks a lot.

What is the behavior of lnk files?的更多相关文章

  1. Track files and folders manipulation in Windows

    The scenario is about Business Secret and our client do worry about data leakage. They want to know ...

  2. How to: Synchronize Files by Using Managed Code

    The examples in this topic focus on the following Sync Framework types: FileSyncProvider FileSyncOpt ...

  3. EnCase missed some usb activities in the evidence files

    My friend is a developer and her colleague May was suspected of stealing the source code of an impor ...

  4. What are Unix swap (.swp) files?

    原文: http://www.networkworld.com/article/2931534/it-management/what-are-unix-swap-swp-files.html ---- ...

  5. Introducing Microsoft Sync Framework: Sync Services for File Systems

    https://msdn.microsoft.com/en-us/sync/bb887623 Introduction to Microsoft Sync Framework File Synchro ...

  6. 1Z0-050

    QUESTION 13 View the Exhibit.Examine the following command that is executed for the TRANSPORT table ...

  7. Total Commander 8.52 Beta 1

    Total Commander 8.52 Beta 1http://www.ghisler.com/852_b1.php 10.08.15 Release Total Commander 8.52 b ...

  8. metasploit-post模块信息

    Name                                             Disclosure Date  Rank    Description ----           ...

  9. Volume serial number could associate file existence on certain volume

    When it comes to lnk file analysis, we should put more emphasis on the volume serial number. It coul ...

随机推荐

  1. linux命令(13) 删除指定文件夹下后缀名相同的文件

    方法一: find 目录 -name "*.abc" | xargs rm命令有点危险,可以先执行前半段,看看是不是你要删除的文件, 然后再整条执行 方法二:find . -nam ...

  2. 查询oracle中所有用户信息

    1.查看所有用户:select * from dba_users;   select * from all_users;   select * from user_users; 2.查看用户或角色系统 ...

  3. 高级Java开发工程师

  4. sql执行返回值存储

    List<Map> list = SqlRunner.queryMapList(sql); if(list != null && !list.isEmpty()){ Has ...

  5. 网站引导页插件intro.js 的用法

    intro.js是一个用于制作网页引导效果的js插件,用法很简单,intro.js.v2.0.rar 1.在需要的页面添加引用 intro.js introjs.css 这两个文件已经足够,但是文件夹 ...

  6. [SQL]LTRIM 、 RTRIM、SUBSTRING 如何使用

    (一) LTRIM ( character_expression )删除字符变量中的起始空格 RTRIM ( character_expression ) 删除字符变量中的尾随空格 (二) SUBST ...

  7. MS Sqlserver 备份数据库SQL

    通过作业的方式调用SQL执行自动备份,可以解决忘记备份数据库的问题,记录一下 declare @FileFullName varchar(40); declare @FileName varchar( ...

  8. (转)Java DES 与Base64

    原文地址http://blog.csdn.net/tomatozq/article/details/20773559 1,DES /** * 解密 * @param message * @param ...

  9. linux启动init流程(转)

    当系统启动时,首先启动内核,内核调用init来完成引导进程.init启动时,它会在/etc/inittab内查找默认的运行级别:如id:2:initdefault:运行/etc/rc.d/init.d ...

  10. Centos7 install Openstack - (第四节)添加计算服务(Nova)

    Centos7 install Openstack - (第四节)添加计算服务(Nova) 我的blog地址:http://www.cnblogs.com/caoguo 该文根据openstack官方 ...