We just posted a new tool for 'Jump List' parsing at TZWorks LLC at
If you haven't seen the forensic artifacts produced by parsing Jump Lists on Win7 and beyond, download the tool and take a look at the output it produces. This tool is command line based and is geared for outputting data in a parsable CSV format. Since this is a first release, it is still considered to be prototype software.
All constructive comments for improvement to the tool are solicited.
Hello,
I tried the jmp and it is a great tool. it gives plenty of results to investigate the automatic and customs destinations in a simple manner. However could you provide us with some clarifications on the different columns we get?
I am newbie in this field and want some clarifications on informations seen.
MRU/MFU Time; File modified time,…Target…
For an automatic file the "file mdate"and "file cdate" are the same for all the streams within this file?
To be accurate I want to know if I can ascertain the last real acces to a word document ?
Thank you
Sam,
I have done a lot of work on the topic of Jump Lists and have posted an article here
Analysis of Windows 7 Jump Lists
Please feel free to PM me for more information
Regards