JumpList Custom Files

Overview

Evidence: JumpList Custom Files Description: Collect JumpList CustomDestination files Category: File System Platform: Windows Short Name: jlcustom Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): Yes

Background

CustomDestination Jump Lists track pinned items and tasks for applications and provide insight into persistent user interactions.

Data Collected

This collector gathers structured data about CustomDestination files.

JumpList Custom Files Data

Field

Description

Example

ID

Primary key (auto-increment)

Path

File path

C:\...\CustomDestinations\5f7b5f1e01b83767.customDestinations-ms

AppID

Application ID

5f7b5f1e01b83767

AppIDDescription

Application description

Microsoft Word

Version

JumpList version

NumEntries

Number of entries

Collection Method

This collector parses the necessary data from the jumplist_custom_files table and collects files from:

%APPDATA%\\Microsoft\\Windows\\Recent\\CustomDestinations\\

Usage

Identify pinned items and user-configured tasks indicative of persistent workflows.

Notes

AppIDs can be mapped to applications using known lists.

PreviousJumpList Custom Entries NextLastVisitedPidlMRU

Last updated 2 days ago

Was this helpful?