JumpList Automatic Entries

Overview

Evidence: JumpList Automatic Entries Description: Parse JumpList Automatic Entries Category: System Platform: windows Short Name: jmplautoparsed Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

AutomaticDestinations parsed JumpLists combine DestList entries with LNK metadata per app. This data is essential for detailed reconstruction of file usage.

Data Collected

This collector gathers structured data about jumplist automatic entries.

Collection Method

This collector parses .automaticDestinations-ms files, saves a main record per file, and batches detailed entry data with LNK-derived fields into jumplist_automatic_parsed and _data tables.

Forensic Value

This evidence is crucial for forensic investigations as it reveals interaction counts, hostnames, MACs, GUIDs, and target paths for recent items.