I access a files which name is "abc.doc", no doubt a lnk file "abc.doc.lnk" shows up. Few minutes or hours later I access "abc.doc" again, what will happen then? "abc.doc.lnk" still or another lnk file "abc.doc (2).lnk" show up???

Yesterday I analyzed artifacts of an evidence which operating system is Windows XP SP3. When I took a look at "Recent folders", some lnk files look strange. Under what circumstances could so many same lnk files show up as below? You guys could take a look at the timestamps of file that those lnk files pointing to. The same CreationDate and these lnk files do point to the same file "其它各類所得.xlsx".

I'd appreciate your providing any information you have. Thanks a lot.

What is the behavior of lnk files?的更多相关文章

  1. Track files and folders manipulation in Windows

    The scenario is about Business Secret and our client do worry about data leakage. They want to know ...

  2. How to: Synchronize Files by Using Managed Code

    The examples in this topic focus on the following Sync Framework types: FileSyncProvider FileSyncOpt ...

  3. EnCase missed some usb activities in the evidence files

    My friend is a developer and her colleague May was suspected of stealing the source code of an impor ...

  4. What are Unix swap (.swp) files?

    原文: http://www.networkworld.com/article/2931534/it-management/what-are-unix-swap-swp-files.html ---- ...

  5. Introducing Microsoft Sync Framework: Sync Services for File Systems

    https://msdn.microsoft.com/en-us/sync/bb887623 Introduction to Microsoft Sync Framework File Synchro ...

  6. 1Z0-050

    QUESTION 13 View the Exhibit.Examine the following command that is executed for the TRANSPORT table ...

  7. Total Commander 8.52 Beta 1

    Total Commander 8.52 Beta 1http://www.ghisler.com/852_b1.php 10.08.15 Release Total Commander 8.52 b ...

  8. metasploit-post模块信息

    Name                                             Disclosure Date  Rank    Description ----           ...

  9. Volume serial number could associate file existence on certain volume

    When it comes to lnk file analysis, we should put more emphasis on the volume serial number. It coul ...

随机推荐

  1. 实现读入一个彩色视频文件并以灰度格式输出这个视频文件,学习opencv例2-10

    #include "cv.h"#include "highgui.h"int main(int argc,char* argv[]){ //书本中的main没有 ...

  2. ruby中迭代器枚举器的理解

    参考<ruby编程语言>5.3迭代器和可枚举对象 迭代器一个迭代器是一个方法,这个方法里面有yield语句,这个方法里的yield语句,与传递给这个方法的块进行数据传输 yield将数据传 ...

  3. Oracle自增列

    一.介绍: 在设计数据库时,有时候希望表的某一列为自增列,例如编号,本文就介绍如何在oracle数据库中实现自增列,需要两个步骤: 1)构建序列(sequence) 在oracle中sequence就 ...

  4. c# list排序的三种实现方式

    用了一段时间的gridview,对gridview实现的排序功能比较好奇,而且利用C#自带的排序方法只能对某一个字段进行排序,今天demo了一下,总结了三种对list排序的方法,并实现动态传递字段名对 ...

  5. [SQL]多列的行转列

    create table t(name varchar(),subject varchar(),mark int) insert into t union all union all union al ...

  6. Codeforces 626E Simple Skewness 「数学」「二分」

    题意: 给你一堆无序数,寻找它的一个子堆,使得子堆的平均数减中位数最大. 数字的个数n<=2e5 0<=xi<=1e6. 思路: 首先可以证明这堆数一定是奇数个,证明方法是尝试在奇数 ...

  7. MongoDB增删改查

    MongoDB以文档的形式存储数据,文档是类似于JSON键值对结构的BSON格式. 许多有共性的文档就组成一个集合. 集合.文档分别对应关系型数据库的表和行记录. 进入数据库: [mongodb@lo ...

  8. X60的BIOS白名单-黑苹果之路

    一时兴起装起了黑苹果,用了最古老的thinkpad X60.装完了才发现无线网卡是硬伤,无法驱动,只有淘了个博通的无线网卡,但商家告诉我需要搞定白名单. 于是在商家的帮助下折腾半天,终于搞定. 1.在 ...

  9. Redis附加功能之Redis流水线pipeline

    流水线功能的目的:通过减少客户端与服务器之间的通信次数来提高程序的执行效率. 一.通信 在一般情况下, 用户每执行一个 Redis 命令,客户端与服务器都需要进行一次通信:客户端会将命令请求发送给服务 ...

  10. 如何为 Drupal 7 网站添加悬浮的反馈按钮?

    最近有客户咨询我们要怎么为 Drupal 网站添加悬浮按钮,方便访客能够链接到反馈表单页面.很幸运,使用 Feedback Simple 模块可以很容易实现. 在这篇短教程中,我将和大家分享如何添加链 ...