pcqf (PC Quick Forensics) helps quickly gather forensic evidence from Windows, Mac, and Linux systems, in order to identify potential traces of compromise.
Autostart links on Windows only store the .lnk file #5
When an autostart file on Windows uses a `.lnk` file, only that file is stored, instead of the executable it is pointing to. While the `.lnk` is probably also interesting and should be kept, this seems like a trivially easy way for malware to hide itself from pcqf.
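One way a collector could resolve an autostart `.lnk` to the executable it points at, so both can be stored, is sketched below as an added example (not pcqf's code and not part of the original report). It reads only the local ANSI target path from the Shell Link (MS-SHLLINK) `LinkInfo` structure; `lnkTarget`, `cstr` and `sampleLnk` are hypothetical names, and the sample link and its path are constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

var le = binary.LittleEndian

func cstr(li []byte, off uint32) string { // NUL-terminated string at off in LinkInfo
	if off < 28 || int64(off) >= int64(len(li)) {
		return ""
	}
	s, _, _ := bytes.Cut(li[off:], []byte{0})
	return string(s)
}

// lnkTarget (illustrative helper) returns LocalBasePath + CommonPathSuffix of a .lnk.
func lnkTarget(b []byte) (string, error) {
	if len(b) < 76 || le.Uint32(b) != 0x4C { // 76-byte ShellLinkHeader
		return "", fmt.Errorf("not a shell link")
	}
	flags, off := le.Uint32(b[20:]), 76
	if flags&0x1 != 0 && len(b) >= off+2 { // HasLinkTargetIDList: skip it
		off += 2 + int(le.Uint16(b[off:]))
	}
	if flags&0x2 == 0 || len(b) < off+28 { // HasLinkInfo
		return "", fmt.Errorf("no LinkInfo structure")
	}
	li, n := b[off:], le.Uint32(b[off:])
	if n < 28 || int64(n) > int64(len(li)) || le.Uint32(li[8:])&0x1 == 0 {
		return "", fmt.Errorf("no local base path (network or malformed link)")
	}
	return cstr(li[:n], le.Uint32(li[16:])) + cstr(li[:n], le.Uint32(li[24:])), nil
}

// sampleLnk builds a minimal constructed link (only the fields read above).
func sampleLnk(path string) []byte {
	b := make([]byte, 104)
	for off, v := range map[int]uint32{0: 0x4C, 20: 0x2, 76: uint32(30 + len(path)),
		80: 28, 84: 0x1, 92: 28, 100: uint32(29 + len(path))} {
		le.PutUint32(b[off:], v)
	}
	return append(append(b, path...), 0, 0)
}

func main() {
	fmt.Println(lnkTarget(sampleLnk(`C:\Users\Public\updater.exe`)))
}
```

A link that carries only a Unicode or network path returns an error here, so a collector would keep the `.lnk` itself in every case and copy the resolved target only when one is found.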