JumpList Automatic Entries

Overview

Evidence: JumpList Automatic Entries Description: Parse entries from AutomaticDestination Jump Lists Category: File System Platform: Windows Short Name: jlautoent Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

Entries record files recently opened by applications, including paths, timestamps, and link metadata.

Data Collected

This collector gathers structured data about automatic entries.

JumpList Automatic Entries Data

Field

Description

Example

ID

Primary key (auto-increment)

AppID

Application ID

1b4dd67f29cb1962

TargetPath

Target file path

C:\Users\Admin\Documents\report.docx

TargetCreationTime

Target creation time

2023-10-15 14:30:25

TargetAccessTime

Target access time

2023-10-15 14:30:26

TargetWriteTime

Target write time

2023-10-15 14:30:27

Collection Method

This collector parses the necessary data from the jumplist_automatic_entries table.

Usage

Use entries to link application usage to specific files and times.

Notes

Combine with LNK parsing for richer link metadata.

PreviousJumplist NextJumpList Automatic Files

Last updated 2 days ago

Was this helpful?