An Overview of the Jumplist Configuration File in Windows 7

Bibliographic Details
Main Authors: Harjinder Singh Lallie, Parmjit Bains
Format: Article
Language: English
Published: Association of Digital Forensics, Security and Law 2012-03-01
Series: Journal of Digital Forensics, Security and Law
Online Access: http://ojs.jdfsl.org/index.php/jdfsl/article/view/42
Description
Summary: The introduction of Jumplists in Windows 7 was an important feature from a forensic examiner's viewpoint. Jumplist configuration files can provide the examiner with a wealth of information relating to file access and in particular: dates/times, Volume GUIDs and unique file object IDs relating to those files. Some of the information in the Jumplist could be used to build a more precise timeline relating to system and file usage. In this article, we analyse the structure of a Jumplist configuration file and in particular a record from a Jumplist configuration file and highlight some of the important entries therein.
ISSN: 1558-7215, 1558-7223