I access a files which name is "abc.doc", no doubt a lnk file "abc.doc.lnk" shows up. Few minutes or hours later I access "abc.doc" again, what will happen then? "abc.doc.lnk" still or another lnk file "abc.doc (2).lnk" show up???

Yesterday I analyzed artifacts of an evidence which operating system is Windows XP SP3. When I took a look at "Recent folders", some lnk files look strange. Under what circumstances could so many same lnk files show up as below? You guys could take a look at the timestamps of file that those lnk files pointing to. The same CreationDate and these lnk files do point to the same file "其它各類所得.xlsx".

I'd appreciate your providing any information you have. Thanks a lot.

What is the behavior of lnk files?的更多相关文章

  1. Track files and folders manipulation in Windows

    The scenario is about Business Secret and our client do worry about data leakage. They want to know ...

  2. How to: Synchronize Files by Using Managed Code

    The examples in this topic focus on the following Sync Framework types: FileSyncProvider FileSyncOpt ...

  3. EnCase missed some usb activities in the evidence files

    My friend is a developer and her colleague May was suspected of stealing the source code of an impor ...

  4. What are Unix swap (.swp) files?

    原文: http://www.networkworld.com/article/2931534/it-management/what-are-unix-swap-swp-files.html ---- ...

  5. Introducing Microsoft Sync Framework: Sync Services for File Systems

    https://msdn.microsoft.com/en-us/sync/bb887623 Introduction to Microsoft Sync Framework File Synchro ...

  6. 1Z0-050

    QUESTION 13 View the Exhibit.Examine the following command that is executed for the TRANSPORT table ...

  7. Total Commander 8.52 Beta 1

    Total Commander 8.52 Beta 1http://www.ghisler.com/852_b1.php 10.08.15 Release Total Commander 8.52 b ...

  8. metasploit-post模块信息

    Name                                             Disclosure Date  Rank    Description ----           ...

  9. Volume serial number could associate file existence on certain volume

    When it comes to lnk file analysis, we should put more emphasis on the volume serial number. It coul ...

随机推荐

  1. python(19)编码问题

    转载链接:http://blog.csdn.net/lxdcyh/article/details/4018054 python的编码问题,一直都让人很头疼,今天就整理下python的编码知识. 首先: ...

  2. JAVA 拆分窗口

    //拆分窗口 import java.awt.*; import javax.swing.*; public class Jiemian8 extends JFrame{ JSplitPane cf; ...

  3. JAVA while循环,do-while循环,for循环

    一.while循环 实例: public class Test{ public static void main(String[] args){ int i = 1; while(i<30){ ...

  4. HTML5 - 使用<video>播放视频

    ,下面是一个播放视频的最简单样例 (controls属性告诉浏览器要有基本播放控件) <video src="hangge.mp4" controls></vid ...

  5. 30天轻松学习javaweb_https协议的密码学

    https通过非对称加密实现数据安全1.CA机构提供数字证书,其中数字证书包含公钥.2.浏览器自带功能验证数字证书是否是CA机构颁发的.3.根据数字证书包含的公钥对表单数据进行加密.4.公钥提供方再根 ...

  6. Java调用ffmepg+mencoder视频格式转换(*)

    PS: 建议大家在官网下载最新的资源 其他格式转FLV格式,可以用Java调用ffmpeg和memcoder实现 ffmepg: D:\ffmpeg\bin\ffmpeg.exe -i E:\1.mp ...

  7. plsql如果表和函数等显示不出来

    就把用户设为所有用户,所有的东西就会都显示出来了,然后再把用户切换为当前用户和My objects,你想看的东西就全部显示出来了.

  8. NYOJ 51-管闲事的小明

    点击打开链接 管闲事的小明 时间限制:4000 ms  |  内存限制:65535 KB 难度:2 描述 某校大门外长度为L的马路上有一排树,每两棵相邻的树之间的间隔都是1米.我们可以把马路看成一个数 ...

  9. (medium)LeetCode 233.Number of Digit One

    Given an integer n, count the total number of digit 1 appearing in all non-negative integers less th ...

  10. 编译redis

    apt-get install gcc tcl make MALLOC=libc