I access a files which name is "abc.doc", no doubt a lnk file "abc.doc.lnk" shows up. Few minutes or hours later I access "abc.doc" again, what will happen then? "abc.doc.lnk" still or another lnk file "abc.doc (2).lnk" show up???

Yesterday I analyzed artifacts of an evidence which operating system is Windows XP SP3. When I took a look at "Recent folders", some lnk files look strange. Under what circumstances could so many same lnk files show up as below? You guys could take a look at the timestamps of file that those lnk files pointing to. The same CreationDate and these lnk files do point to the same file "其它各類所得.xlsx".

I'd appreciate your providing any information you have. Thanks a lot.

What is the behavior of lnk files?的更多相关文章

  1. Track files and folders manipulation in Windows

    The scenario is about Business Secret and our client do worry about data leakage. They want to know ...

  2. How to: Synchronize Files by Using Managed Code

    The examples in this topic focus on the following Sync Framework types: FileSyncProvider FileSyncOpt ...

  3. EnCase missed some usb activities in the evidence files

    My friend is a developer and her colleague May was suspected of stealing the source code of an impor ...

  4. What are Unix swap (.swp) files?

    原文: http://www.networkworld.com/article/2931534/it-management/what-are-unix-swap-swp-files.html ---- ...

  5. Introducing Microsoft Sync Framework: Sync Services for File Systems

    https://msdn.microsoft.com/en-us/sync/bb887623 Introduction to Microsoft Sync Framework File Synchro ...

  6. 1Z0-050

    QUESTION 13 View the Exhibit.Examine the following command that is executed for the TRANSPORT table ...

  7. Total Commander 8.52 Beta 1

    Total Commander 8.52 Beta 1http://www.ghisler.com/852_b1.php 10.08.15 Release Total Commander 8.52 b ...

  8. metasploit-post模块信息

    Name                                             Disclosure Date  Rank    Description ----           ...

  9. Volume serial number could associate file existence on certain volume

    When it comes to lnk file analysis, we should put more emphasis on the volume serial number. It coul ...

随机推荐

  1. winform属性

    WinForm为客户端程序必须在.NET Framework框架上运行 一.常用属性: 布局: AutoScroll:当控件内容超出可见区域是否显示滚动条: Autosize:当控件内容有超出时是否自 ...

  2. python--输入一组无序的数,排序

    N=int(raw_input('input the number N=')) number=[] while(N): m=int(raw_input('input..\n')) number.app ...

  3. 加密--win7下安装openssl

    http://www.cnblogs.com/ZhouL3777/archive/2012/10/21/2732890.html http://www.cnblogs.com/ZhouL3777/ar ...

  4. 转_Java中常用的设计模式总结

    1.工厂模式:客户类和工厂类分开.消费者任何时候需要某种产品,只需向工厂请求即可.消费者无须修改就可以接纳新产品.缺点是当产品修改时,工厂类也要做相应的修改.如:如何创建及如何向客户端提供. 2.建造 ...

  5. Altiium Designer 09 解决局域网冲突的办法(转载)

    Altiium Designer 09 解决局域网冲突的办法(转载) 一 通过防护墙禁止进程访问网络: 1.1打开DXP.EXE,然后在360的流量防护墙或WINDOWS防护墙禁止该进程访问网络.注意 ...

  6. 性能测试工具之Gatling

    转载:http://ningandjiao.iteye.com/blog/2004579 Gatling一直是久闻其名但是未得机会运用,正好最近有需求做性能测试,于是趁此机会熟悉了一下,可以说,这是目 ...

  7. 为什么老师不喜欢RelativeLayout

    这个要看个人喜好.RelativeLayout对于一些简单布局来说反而复杂了.要计算相对距离这些.用线性布局只要利用好weight可以很直观的实现效果.所以这个因个人喜好而定 对于讲一些简单的功能来说 ...

  8. Quartz.net一个简要示例

    下面描述了一个Quartz.net最常用的应用场景,按特定秒数触发执行特定任务. 1.任务要继承自:IJob,在Execute方法中填入自己需要执行的任务. public virtual void E ...

  9. SGU 194 【带上下界的无源汇的可行流】

    题意: 给点数n和边数m. 接下来m条有向边. a b c d 一次代表起点终点,下界上界. 求: 判断是否存在可行流,若存在则输出某可行流.否则输出IMPOSSIBLE 思路: <一种简易的方 ...

  10. GL_INVALID_VALUE(0X501)

    当android应该打开GPU的支持后, 有些手机会出现黑屏.闪屏等现象. 跟踪控制台, 会打印日志GL_INVALID_VALUE(0X501). 参考资料:http://mobile.riaos. ...