JumpList Custom Entries

Overview

Evidence: JumpList Custom Entries Description: Parse entries from CustomDestination Jump Lists Category: File System Platform: Windows Short Name: jlcustoment Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

Entries record pinned items and tasks, providing insight into persistent application usage.

Data Collected

This collector gathers structured data about custom entries.

JumpList Custom Entries Data

Field

Description

Example

ID

Primary key (auto-increment)

AppID

Application ID

5f7b5f1e01b83767

TargetPath

Target file path

C:\Users\Admin\Documents\template.dotx

TargetCreationTime

Target creation time

2023-10-15 14:30:25

TargetAccessTime

Target access time

2023-10-15 14:30:26

TargetWriteTime

Target write time

2023-10-15 14:30:27

Collection Method

This collector parses the necessary data from the jumplist_custom_entries table.

Usage

Identify persistent workflows and frequently used templates.

Notes

Combine with LNK and file system artifacts for deeper context.

PreviousJumpList Automatic Files NextJumpList Custom Files

Last updated 2 days ago

Was this helpful?