Evidence: JumpList Custom Files
Description: Collect JumpList Custom Files
Category: System
Platform: windows
Short Name: jmplcustomcol
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): Yes
Background
CustomDestinations JumpLists store application-specific recent items. This data is essential for reconstructing file usage and application interactions.
Data Collected
This collector gathers structured data about jumplist custom files.
Collection Method
This collector walks user JumpList directories, copies .customDestinations-ms files, and records file timestamps into jumplist_custom_collected_files.
Forensic Value
This evidence is crucial for forensic investigations as it surfaces recent items per app even when originals are removed.
