Author: Andrew Case

Total time: 11 minutes

Jump lists are a feature of Windows 7, implemented as on-disk databases that contain the values shown when an application is right-clicked in the taskbar. These values often include the files recently opened with a particular application. This record of recently accessed files, along with the other metadata contained within the jump list databases, provides very useful forensic artifacts. In this module we discuss how to locate and analyze jump lists and how to use this analysis within investigations. During the lab, students will investigate sample jump lists on their own to answer questions that commonly occur during real-world investigations.

