JumpList Custom Files

Overview

Evidence: JumpList Custom Files Description: Collect JumpList Custom Files Category: System Platform: windows Short Name: jmplcustomcol Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): Yes

Background

CustomDestinations JumpLists store application-specific recent items. This data is essential for reconstructing file usage and application interactions.

Data Collected

This collector gathers structured data about jumplist custom files.

Collection Method

This collector walks user JumpList directories, copies .customDestinations-ms files, and records file timestamps into jumplist_custom_collected_files.

Forensic Value

This evidence is crucial for forensic investigations as it surfaces recent items per app even when originals are removed.