I access a files which name is "abc.doc", no doubt a lnk file "abc.doc.lnk" shows up. Few minutes or hours later I access "abc.doc" again, what will happen then? "abc.doc.lnk" still or another lnk file "abc.doc (2).lnk" show up???

Yesterday I analyzed artifacts of an evidence which operating system is Windows XP SP3. When I took a look at "Recent folders", some lnk files look strange. Under what circumstances could so many same lnk files show up as below? You guys could take a look at the timestamps of file that those lnk files pointing to. The same CreationDate and these lnk files do point to the same file "其它各類所得.xlsx".

I'd appreciate your providing any information you have. Thanks a lot.

What is the behavior of lnk files?的更多相关文章

  1. Track files and folders manipulation in Windows

    The scenario is about Business Secret and our client do worry about data leakage. They want to know ...

  2. How to: Synchronize Files by Using Managed Code

    The examples in this topic focus on the following Sync Framework types: FileSyncProvider FileSyncOpt ...

  3. EnCase missed some usb activities in the evidence files

    My friend is a developer and her colleague May was suspected of stealing the source code of an impor ...

  4. What are Unix swap (.swp) files?

    原文: http://www.networkworld.com/article/2931534/it-management/what-are-unix-swap-swp-files.html ---- ...

  5. Introducing Microsoft Sync Framework: Sync Services for File Systems

    https://msdn.microsoft.com/en-us/sync/bb887623 Introduction to Microsoft Sync Framework File Synchro ...

  6. 1Z0-050

    QUESTION 13 View the Exhibit.Examine the following command that is executed for the TRANSPORT table ...

  7. Total Commander 8.52 Beta 1

    Total Commander 8.52 Beta 1http://www.ghisler.com/852_b1.php 10.08.15 Release Total Commander 8.52 b ...

  8. metasploit-post模块信息

    Name                                             Disclosure Date  Rank    Description ----           ...

  9. Volume serial number could associate file existence on certain volume

    When it comes to lnk file analysis, we should put more emphasis on the volume serial number. It coul ...

随机推荐

  1. python (18)在linux中如何实现定时发送邮件

    最近要用到,定时发送邮件功能: 如何定时,当然要用到linux中crontab了 如下的代码能够定时发送邮件 #!/usr/bin/env python # -*- coding=utf-8 -*- ...

  2. IIS6.0服务器完美开启Gzip压缩[转]

    转自:http://seo.qiankoo.com/731 在昨天服务器还没重装之前,这个服务器已经开启了Gzip,去年配置的时候就很波折,因为配置文件在C盘,所以重装后Gzip就没了. 今天理论上第 ...

  3. C++ 局部变量的析构

    http://blog.chinaunix.net/uid-52437-id-2108747.html 在一个函数内,申明一个局部类变量.则这个变量什么时候析构呢? 并不是在函数退出,释放栈空间时候析 ...

  4. cotex_m3内核提供的ITM串口打印调试

    cotex_m3内核的ARM提供了ITM串口打印观测的功能,可以不用ARM单片机自己的串口就可在开发时候串口打印调试.节约了宝贵的内部资源,同时也为调试提供了方便.使用方法如下: 1 将下面的SWO_ ...

  5. U盘安装Linux CentOS 6.5 64位操作系统(来自互联网)

    从centOS6.5开始直接把iso文件写入u盘就行了. 方法1:windows平台:1.用UltraISO打开iso(如:CentOS-6.5-x86_64-bin-DVD1.iso)2.然后点“启 ...

  6. [AIR] 利用SnapShot.exe实现QQ截屏功能

    主类(可作文档类): package { import flash.display.Bitmap; import flash.display.Sprite; import flash.events.E ...

  7. 将Word文档发给别人时如何限制别人只能修改文档部分内容

    将Word文档发给别人时如何限制别人只能修改文档部分内容  转自:互联网.时间:2014-04-16   作者:snow   来源:互联网 在很多情况下我们都不希望别人修改我们的文档内容,特别实在将W ...

  8. 编写一个go gRPC的服务

    前置条件: 获取 gRPC-go 源码 $ go get google.golang.org/grpc 简单例子的源码位置: $ cd $GOPATH/src/google.golang.org/gr ...

  9. SQL(Oracle)

    http://blog.csdn.net/winter13292/article/details/7011377 SQL 对大小写不敏感!  在 SQL 中增加 HAVING 子句原因是,WHERE ...

  10. jxl的API

    jxl的API 使用Windows操作系统的朋友对Excel(电子表格)一定不会陌生,但是要使用Java语言来操纵Excel文件并不是一件容易的事.在Web应用日益盛行的今天,通过Web来操作Exce ...