I access a files which name is "abc.doc", no doubt a lnk file "abc.doc.lnk" shows up. Few minutes or hours later I access "abc.doc" again, what will happen then? "abc.doc.lnk" still or another lnk file "abc.doc (2).lnk" show up???

Yesterday I analyzed artifacts of an evidence which operating system is Windows XP SP3. When I took a look at "Recent folders", some lnk files look strange. Under what circumstances could so many same lnk files show up as below? You guys could take a look at the timestamps of file that those lnk files pointing to. The same CreationDate and these lnk files do point to the same file "其它各類所得.xlsx".

I'd appreciate your providing any information you have. Thanks a lot.

What is the behavior of lnk files?的更多相关文章

  1. Track files and folders manipulation in Windows

    The scenario is about Business Secret and our client do worry about data leakage. They want to know ...

  2. How to: Synchronize Files by Using Managed Code

    The examples in this topic focus on the following Sync Framework types: FileSyncProvider FileSyncOpt ...

  3. EnCase missed some usb activities in the evidence files

    My friend is a developer and her colleague May was suspected of stealing the source code of an impor ...

  4. What are Unix swap (.swp) files?

    原文: http://www.networkworld.com/article/2931534/it-management/what-are-unix-swap-swp-files.html ---- ...

  5. Introducing Microsoft Sync Framework: Sync Services for File Systems

    https://msdn.microsoft.com/en-us/sync/bb887623 Introduction to Microsoft Sync Framework File Synchro ...

  6. 1Z0-050

    QUESTION 13 View the Exhibit.Examine the following command that is executed for the TRANSPORT table ...

  7. Total Commander 8.52 Beta 1

    Total Commander 8.52 Beta 1http://www.ghisler.com/852_b1.php 10.08.15 Release Total Commander 8.52 b ...

  8. metasploit-post模块信息

    Name                                             Disclosure Date  Rank    Description ----           ...

  9. Volume serial number could associate file existence on certain volume

    When it comes to lnk file analysis, we should put more emphasis on the volume serial number. It coul ...

随机推荐

  1. MySQL的时间进位问题

    mysql更新到5.6.4 之后 , 新增了一个叫factional seconds的特性 , 可以记录时间的毫秒值. 但是目前的数据库是不记录毫秒值的 , 所以会产生一个java中时间的Millis ...

  2. Mysql命令大全&&指定端口登录

    1.连接Mysql 格式: mysql -h主机地址 -u用户名 -p用户密码 -P端口   若出现access denied for user 'sy-fjj-web'@'localhost' (u ...

  3. Java中Filter、Servlet、Listener的学习

    1.Filter的功能filter功能,它使用户可以改变一个 request和修改一个response. Filter 不是一个servlet,它不能产生一个response,它能够在一个reques ...

  4. RBStoryboardLink库的使用注意事项 -转载至--坤哥MartinLi博客

    RBStoryboardLink库的使用注意事项 demo下载:https://github.com/MartinLi841538513/RBStoryboardLinkDemo 操作步骤: 1,引入 ...

  5. dede上怎么让所有链接在新窗口打开

    网页的头部,添加:<base target="_blank"> <base target="_blank"> </head> ...

  6. Ext TreeGrid提交修改过的数据

    本打算将整个treestore的数据提交到服务器,但找来找去没有找到好的方法,在翻api的时候发现了getUpdatedRecords()方法,拿来一试,试出此方法可以拿到被修改过的record so ...

  7. Machine Schedule(最小覆盖)

    其实也是个最小覆盖问题 关于最小覆盖http://blog.csdn.net/u014665013/article/details/49870029 Description As we all kno ...

  8. Node.js上传文件

    var formidable = require('formidable'); var util = require('util'); exports.upload = function(req,re ...

  9. How to Resize a Datafile (文档 ID 1029252.6)

    APPLIES TO: Oracle Database - Enterprise Edition - Version 9.2.0.1 and laterInformation in this docu ...

  10. oracle 内存结构 share pool sql解析的过程

    1.sql解析的过程 oracle首先将SQL文本转化为ASCII字符,然后根据hash函数计算其对应的hash值(hash_value).根据计算出的hash值到library cache中找到对应 ...