Evidence: JumpList Automatic Entries
Description: Parse JumpList Automatic Entries
Category: System
Platform: windows
Short Name: jmplautoparsed
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
AutomaticDestinations parsed JumpLists combine DestList entries with LNK metadata per app. This data is essential for detailed reconstruction of file usage.
Data Collected
This collector gathers structured data about jumplist automatic entries.
Collection Method
This collector parses .automaticDestinations-ms files, saves a main record per file, and batches detailed entry data with LNK-derived fields into jumplist_automatic_parsed and _data tables.
Forensic Value
This evidence is crucial for forensic investigations as it reveals interaction counts, hostnames, MACs, GUIDs, and target paths for recent items.
