JumpList Custom Entries

Overview

Evidence: JumpList Custom Entries Description: Parse JumpList Custom Entries Category: System Platform: windows Short Name: jmplcustomparsed Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

CustomDestinations parsed JumpLists organize recent items by app-defined categories. This data is essential for analyzing user interaction with files per application.

Data Collected

This collector gathers structured data about jumplist custom entries.

Collection Method

This collector parses .customDestinations-ms files, saves a main record, and batches per-entry LNK-derived metadata into jumplist_custom_parsed and _data tables.

Forensic Value

This evidence is crucial for forensic investigations as it provides categorized recent item details with timestamps and target paths.