Skip to content
AIR Knowledge Base

JumpList Automatic Entries

Overview

Section titled “Overview”

Evidence: JumpList Automatic Entries
Description: Parse JumpList Automatic Entries
Category: System
Platform: windows
Short Name: jmplautoparsed
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Section titled “Background”

AutomaticDestinations parsed JumpLists combine DestList entries with LNK metadata per app. This data is essential for detailed reconstruction of file usage.

Data Collected

Section titled “Data Collected”

This collector gathers structured data about jumplist automatic entries.

Collection Method

Section titled “Collection Method”

This collector parses .automaticDestinations-ms files, saves a main record per file, and batches detailed entry data with LNK-derived fields into jumplist_automatic_parsed and _data tables.

Forensic Value

Section titled “Forensic Value”

This evidence is crucial for forensic investigations as it reveals interaction counts, hostnames, MACs, GUIDs, and target paths for recent items.