Skip to content
AIR Knowledge Base

JumpList Custom Entries

Overview

Section titled “Overview”

Evidence: JumpList Custom Entries
Description: Parse JumpList Custom Entries
Category: System
Platform: windows
Short Name: jmplcustomparsed
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Section titled “Background”

CustomDestinations parsed JumpLists organize recent items by app-defined categories. This data is essential for analyzing user interaction with files per application.

Data Collected

Section titled “Data Collected”

This collector gathers structured data about jumplist custom entries.

Collection Method

Section titled “Collection Method”

This collector parses .customDestinations-ms files, saves a main record, and batches per-entry LNK-derived metadata into jumplist_custom_parsed and _data tables.

Forensic Value

Section titled “Forensic Value”

This evidence is crucial for forensic investigations as it provides categorized recent item details with timestamps and target paths.