I access a files which name is "abc.doc", no doubt a lnk file "abc.doc.lnk" shows up. Few minutes or hours later I access "abc.doc" again, what will happen then? "abc.doc.lnk" still or another lnk file "abc.doc (2).lnk" show up???

Yesterday I analyzed artifacts of an evidence which operating system is Windows XP SP3. When I took a look at "Recent folders", some lnk files look strange. Under what circumstances could so many same lnk files show up as below? You guys could take a look at the timestamps of file that those lnk files pointing to. The same CreationDate and these lnk files do point to the same file "其它各類所得.xlsx".

I'd appreciate your providing any information you have. Thanks a lot.

What is the behavior of lnk files?的更多相关文章

  1. Track files and folders manipulation in Windows

    The scenario is about Business Secret and our client do worry about data leakage. They want to know ...

  2. How to: Synchronize Files by Using Managed Code

    The examples in this topic focus on the following Sync Framework types: FileSyncProvider FileSyncOpt ...

  3. EnCase missed some usb activities in the evidence files

    My friend is a developer and her colleague May was suspected of stealing the source code of an impor ...

  4. What are Unix swap (.swp) files?

    原文: http://www.networkworld.com/article/2931534/it-management/what-are-unix-swap-swp-files.html ---- ...

  5. Introducing Microsoft Sync Framework: Sync Services for File Systems

    https://msdn.microsoft.com/en-us/sync/bb887623 Introduction to Microsoft Sync Framework File Synchro ...

  6. 1Z0-050

    QUESTION 13 View the Exhibit.Examine the following command that is executed for the TRANSPORT table ...

  7. Total Commander 8.52 Beta 1

    Total Commander 8.52 Beta 1http://www.ghisler.com/852_b1.php 10.08.15 Release Total Commander 8.52 b ...

  8. metasploit-post模块信息

    Name                                             Disclosure Date  Rank    Description ----           ...

  9. Volume serial number could associate file existence on certain volume

    When it comes to lnk file analysis, we should put more emphasis on the volume serial number. It coul ...

随机推荐

  1. iis7+php5.6配置404错误页面的问题

    打开错误页,如图1 图1 1.刚开始选择的是“在此网站上执行URL”,/404.html页面可以显示出来,但返回的状态是200,对seo不友好,这样生成的的web.config配置文件如下: < ...

  2. Struts2 Annotation 注解配置

    也叫Zero Configuration(零配置),它省去了写xml文件的麻烦,可以直接在类叫进行配置,不用在java文件和xml文件中来回切换. 必须导入struts2-convention-plu ...

  3. 启动httpd服务:SSLCertificateFile: file '/var/www/miq/vmdb/certs/server.cer' does not exist or is empty

    启动httpd服务,失败: [root@test vmdb]# service httpd restart Stopping httpd: [FAILED] Starting httpd: Synta ...

  4. Java:过去、未来的互联网编程之王

    Java对你而言是什么?一门你大学里学过的语言?一个IT行业的通用语言?你相信Java已经为下一次互联网爆炸做好了准备么?Java 一方面为嵌入式计算做了增强,而另一方面为实时应用做了精简,本文将介绍 ...

  5. UITapGestureRecognizer 的用法

    最近在项目中用到了手势操作,键盘回收时还是挺常用的,现在总结下,多谢网络上大神们的分享. 先分享下我在项目中用的代码: UITapGestureRecognizer * mytap=[[UITapGe ...

  6. DedeCms完美的FLASH幻灯代码

    <div id="banner"> <script language='javascript'> linkarr = new Array(); picarr ...

  7. 怎么查询局域网内全部电脑IP和mac地址等信息?

    在局域网内查询在线主机的IP一般比较简单,但局域网内全部电脑的IP怎么才能够查到呢?查询到IP后我还要知道对方的一些详细信息(如MAC地址.电脑名称等)该怎么查询呢??? 工具/原料 Windows ...

  8. redis在windows上的安装

    1.下载地址:https://github.com/MSOpenTech/redis 主要支持win64的,有个msi文件可以直接安装,安装后redis会变成一个服务,对于windows来说这种最方便 ...

  9. struts(五) 使用通配符 接收参数

    1.使用通配符简化配置 约定优于配置 <action name="student*" class="com.gc.StudentAction" metho ...

  10. Redis集群功能概述

    在单机Redis中介绍过Redis的复制特性以及Redis Sentinel和twemproxy,其中: 复制:可以创建指定服务器的复制品,这些复制品可以用户扩展系统处理读请求的能力: Redis S ...