I access a files which name is "abc.doc", no doubt a lnk file "abc.doc.lnk" shows up. Few minutes or hours later I access "abc.doc" again, what will happen then? "abc.doc.lnk" still or another lnk file "abc.doc (2).lnk" show up???

Yesterday I analyzed artifacts of an evidence which operating system is Windows XP SP3. When I took a look at "Recent folders", some lnk files look strange. Under what circumstances could so many same lnk files show up as below? You guys could take a look at the timestamps of file that those lnk files pointing to. The same CreationDate and these lnk files do point to the same file "其它各類所得.xlsx".

I'd appreciate your providing any information you have. Thanks a lot.

What is the behavior of lnk files?的更多相关文章

  1. Track files and folders manipulation in Windows

    The scenario is about Business Secret and our client do worry about data leakage. They want to know ...

  2. How to: Synchronize Files by Using Managed Code

    The examples in this topic focus on the following Sync Framework types: FileSyncProvider FileSyncOpt ...

  3. EnCase missed some usb activities in the evidence files

    My friend is a developer and her colleague May was suspected of stealing the source code of an impor ...

  4. What are Unix swap (.swp) files?

    原文: http://www.networkworld.com/article/2931534/it-management/what-are-unix-swap-swp-files.html ---- ...

  5. Introducing Microsoft Sync Framework: Sync Services for File Systems

    https://msdn.microsoft.com/en-us/sync/bb887623 Introduction to Microsoft Sync Framework File Synchro ...

  6. 1Z0-050

    QUESTION 13 View the Exhibit.Examine the following command that is executed for the TRANSPORT table ...

  7. Total Commander 8.52 Beta 1

    Total Commander 8.52 Beta 1http://www.ghisler.com/852_b1.php 10.08.15 Release Total Commander 8.52 b ...

  8. metasploit-post模块信息

    Name                                             Disclosure Date  Rank    Description ----           ...

  9. Volume serial number could associate file existence on certain volume

    When it comes to lnk file analysis, we should put more emphasis on the volume serial number. It coul ...

随机推荐

  1. matlab R2016b 设置界面为英文

    对于matlab的使用,最好还是使用英文好.这样既能让你熟悉直接的英文解释,也能学习一下英语. 对于中文版的matlab,默认的Matlab安装是中文,所以这里存在安装matlab后设置语言的需要. ...

  2. linux 常用alias

    alias qqcom='cd /usr/local/qqcom_app/' alias php_c='cd /usr/local/php/lib/' alias ap_c='cd /usr/loca ...

  3. psutil模块安装指南(win与linux)

    1.windows下psutil模块安装: https://pypi.python.org/packages/3.4/p/psutil/ 下载符合版本的软件包下载,然后安装即可. 2.ubuntu下载 ...

  4. QT之实现程序启动画面

    现在好多软件都有,尤其是大型软件,他们要加载的东西太多,因此需要的事件较长,而又不希望给用户产生成为好像没有响应的情况,因此也就需要程序启动画面来实现. 当然了,用widget要比这个丰富很多,不过代 ...

  5. java异常分类(运行时异常,可检查异常)

    NullPointerException:是运行时异常(RuntimeException),也叫非检查异常 所以我们抛出该类异常实例时,方法声明处无需添加throws来列举该类异常的抛出,编译器在编译 ...

  6. isAnagram

    /*Given two strings s and t, write a function to determine if t is an anagram of s. For example, s = ...

  7. 再战map

    以前自己整理过map容器,但是好像没有这篇这么系统... Map是STL的一个关联容器,它提供一对一(其中第一个可以称为关键字,每个关键字只能在map中出现一次,第二个可能称为该关键字的值)的数据 处 ...

  8. Android--使用Notification在通知栏显示消息

    在一个Activity中点击按钮,产生一个通知栏消息通知. package cn.luxh.mynotice; import android.os.Bundle; import android.uti ...

  9. Socket网络编程例子

    1.为了安全的进行通信,基于ACK确认机制----重传机制 使用selector机制的多路复用的IO通信机制,此外还有epoll控制 业务挂接点或者接入点: 常见的接入点: RDBMS进行CRUD M ...

  10. 共享池之六:shared pool latch/ library cache latch /lock pin 简介

    latch:library cache --desc v$librarycache; latch:library cache用于保护hash bucket.library cache lock保护HA ...