I access a files which name is "abc.doc", no doubt a lnk file "abc.doc.lnk" shows up. Few minutes or hours later I access "abc.doc" again, what will happen then? "abc.doc.lnk" still or another lnk file "abc.doc (2).lnk" show up???

Yesterday I analyzed artifacts of an evidence which operating system is Windows XP SP3. When I took a look at "Recent folders", some lnk files look strange. Under what circumstances could so many same lnk files show up as below? You guys could take a look at the timestamps of file that those lnk files pointing to. The same CreationDate and these lnk files do point to the same file "其它各類所得.xlsx".

I'd appreciate your providing any information you have. Thanks a lot.

What is the behavior of lnk files?的更多相关文章

  1. Track files and folders manipulation in Windows

    The scenario is about Business Secret and our client do worry about data leakage. They want to know ...

  2. How to: Synchronize Files by Using Managed Code

    The examples in this topic focus on the following Sync Framework types: FileSyncProvider FileSyncOpt ...

  3. EnCase missed some usb activities in the evidence files

    My friend is a developer and her colleague May was suspected of stealing the source code of an impor ...

  4. What are Unix swap (.swp) files?

    原文: http://www.networkworld.com/article/2931534/it-management/what-are-unix-swap-swp-files.html ---- ...

  5. Introducing Microsoft Sync Framework: Sync Services for File Systems

    https://msdn.microsoft.com/en-us/sync/bb887623 Introduction to Microsoft Sync Framework File Synchro ...

  6. 1Z0-050

    QUESTION 13 View the Exhibit.Examine the following command that is executed for the TRANSPORT table ...

  7. Total Commander 8.52 Beta 1

    Total Commander 8.52 Beta 1http://www.ghisler.com/852_b1.php 10.08.15 Release Total Commander 8.52 b ...

  8. metasploit-post模块信息

    Name                                             Disclosure Date  Rank    Description ----           ...

  9. Volume serial number could associate file existence on certain volume

    When it comes to lnk file analysis, we should put more emphasis on the volume serial number. It coul ...

随机推荐

  1. Win8下修改任務欄的資源管理器默認打開位置

    不能像win7一樣右鍵屬性改了,但還是有辦法的. 新建一個文件夾,建立快捷方式,右鍵快捷方式,將目標改為%windir%\explorer.exe /n,/e,D:\Desktop 然後將該快捷方式拖 ...

  2. Jetty服务器jmx监控

    Jetty服务器jmx监控 Jetty 服务器增加jmx,jmx-remote模块 1.修改对应jetty服务器的配置文件start.ini追加如下两行–module=jmx–module=jmx-r ...

  3. [经验总结]利用xlstproc处理XSLT的makefile

    转自:http://blog.csdn.net/thinkhy/article/details/5343739 # For XSLT PARSE = xsltproc SRC = main.xml S ...

  4. 内存调试工具---valgrind

    安装 1.到www.valgrind.org下载最新版valgrind-3.2.3.tar.bz2 2.解压安装包:tar –jxvf valgrind-3.2.3.tar.bz2 3.解压后生成目录 ...

  5. Liferay中actionURL能够执行后台方法 ,但是页面不跳转问题解决方案

    在学习liferay的过程中,遇到了这么一个问题,actionURL能够执行后台方法 ,但是页面不跳转,以下是两种解决方案: 方案1(不推荐此种办法): 强制将页面重定向. 在actionURL执行的 ...

  6. 无法创建spool文件

    是因为没有用管理员运行CMD,并且数据库不需要使用超级管理员登录.

  7. 关于BEA-000402和BEA-000438

    OS:rh5 64位 JDK:1.5 64位 weblogic:9.2.3 jar 应用程序部署后,启动受管服务器报如下警告和错误: 这个问题导致系统性能下降,打开weblogic控制台各项功能和应用 ...

  8. [kuangbin带你飞]专题一 简单搜索

            ID Origin Title 454 / 1008 Problem A POJ 1321 棋盘问题   328 / 854 Problem B POJ 2251 Dungeon Ma ...

  9. [HDU 5135] Little Zu Chongzhi's Triangles (dfs暴搜)

    题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=5135 题目大意:给你n条边,选出若干条边,组成若干个三角形,使得面积和最大.输出最大的面积和. 先将边 ...

  10. 【转】windows和linux间共享互传文件

    原文:http://blog.guorunmin.cn/2015/09/16/windows%E5%92%8Clinux%E9%97%B4%E5%85%B1%E4%BA%AB%E4%BA%92%E4% ...