I access a files which name is "abc.doc", no doubt a lnk file "abc.doc.lnk" shows up. Few minutes or hours later I access "abc.doc" again, what will happen then? "abc.doc.lnk" still or another lnk file "abc.doc (2).lnk" show up???

Yesterday I analyzed artifacts of an evidence which operating system is Windows XP SP3. When I took a look at "Recent folders", some lnk files look strange. Under what circumstances could so many same lnk files show up as below? You guys could take a look at the timestamps of file that those lnk files pointing to. The same CreationDate and these lnk files do point to the same file "其它各類所得.xlsx".

I'd appreciate your providing any information you have. Thanks a lot.

What is the behavior of lnk files?的更多相关文章

  1. Track files and folders manipulation in Windows

    The scenario is about Business Secret and our client do worry about data leakage. They want to know ...

  2. How to: Synchronize Files by Using Managed Code

    The examples in this topic focus on the following Sync Framework types: FileSyncProvider FileSyncOpt ...

  3. EnCase missed some usb activities in the evidence files

    My friend is a developer and her colleague May was suspected of stealing the source code of an impor ...

  4. What are Unix swap (.swp) files?

    原文: http://www.networkworld.com/article/2931534/it-management/what-are-unix-swap-swp-files.html ---- ...

  5. Introducing Microsoft Sync Framework: Sync Services for File Systems

    https://msdn.microsoft.com/en-us/sync/bb887623 Introduction to Microsoft Sync Framework File Synchro ...

  6. 1Z0-050

    QUESTION 13 View the Exhibit.Examine the following command that is executed for the TRANSPORT table ...

  7. Total Commander 8.52 Beta 1

    Total Commander 8.52 Beta 1http://www.ghisler.com/852_b1.php 10.08.15 Release Total Commander 8.52 b ...

  8. metasploit-post模块信息

    Name                                             Disclosure Date  Rank    Description ----           ...

  9. Volume serial number could associate file existence on certain volume

    When it comes to lnk file analysis, we should put more emphasis on the volume serial number. It coul ...

随机推荐

  1. alpha融合

    //alpha融合 //作者:sandy //时间:2015-10-6 //将一只狗的头像融合在蜗牛头上 #include <cv.h> #include <highgui.h> ...

  2. Eclipse Tomcat配置/管理/调试指南

    从myeclipse转到Eclipse最不方便的之一莫过于Web项目部署了,老是在想怎么不能把myeclipse的那个移植过来,或者有没有高人能按照Myeclipse开发一个,非常遗憾. 原版的Ecl ...

  3. java静态代理

    WorkIF.java package com.wzh.test; public interface WorkIf { void doWork(String name);} work.java pac ...

  4. SpringMVC3的ResponseBody返回字符串(JSON)乱码问题解决

    近日做一个小项目,用spring mvc 做到ajax请求获取jquery ztree 异步获取树返回json对象时出现了乱码,试了各种办法,查了各种资料,一开始以为是数据库的编码有问题,经测试没问题 ...

  5. 在ubuntu下安装phpmyadmin 出现404错误

    在ubuntu下安转phpmyadmin 只要一条命令: Sudo apt-get install phpmyadmin 安装完成后,在浏览器里输入http://localhost/phpmyadmi ...

  6. C++学习20 虚基类详解

    多继承时很容易产生命名冲突,即使我们很小心地将所有类中的成员变量和成员函数都命名为不同的名字,命名冲突依然有可能发生,比如非常经典的菱形继承层次.如下图所示: 类A派生出类B和类C,类D继承自类B和类 ...

  7. sql server 与oracle数据互导的一种思路--sql server链接服务器

    思路:通过在sql server数据库中添加链接服务器,可以远程查询oracle数据库的表环境准备,安装sql server数据库,并安装好oracle驱动,在配置好tnsname文件中配置好orac ...

  8. cookie机制和session机制的原理和区别[转]

    一.cookie机制和session机制的区别 具体来说cookie机制采用的是在客户端保持状态的方案,而session机制采用的是在服务器端保持状态的方案. 同时我们也看到,由于在服务器端保持状态的 ...

  9. Android——TableLayout

    TableLayout的行数由开发人员直接指定,即有多少个TableRow对象(或View控件),就有多少行. TableLayout的列数等于含有最多子控件的TableRow的列数.如第一Table ...

  10. FZU Problem 2136 取糖果

     Problem 2136 取糖果 Time Limit: 1000 mSec    Memory Limit : 32768 KB  Problem Description 有N个袋子放成一排,每个 ...