Are the lookups file-based? Try looking in Settings > Lookups > Lookup Definitions. When you identify the row with the lookup in question, notice the Type column; if it's a kvstore, then the data lives in a database and won't be in a file on the file system. If the Type is file, then look at the Lookup file and App columns - the name of the app should plug into the file path you specified above. If it's not, then take a look at the Sharing field. If the lookup is Private, then it will be inside the user directory of the user who created the lookup.
Ah, sure. There is one more step you need. Go to Settings > Lookups > Automatic lookups. Locate the lookup in question, and make note of the defined lookup it is using. For example, here is a line from my Automatic lookups:
DhcpSrvLog : LOOKUP-signature_for_microsoft_dhcp msdhcp_signature_lookup msdhcp_id OUTPUTNEW signature No owner Splunk_TA_windows_default_disabled Global | Permissions Enabled Clone
In this case, the name of the lookup is msdchp_signature_lookup; it will always be the first word (or series of words, connected with underscores) in the second column. This is the name of the defined lookup that the automatic lookup uses. You can follow the steps from my first answer to track backwards with this defined lookup name.