期刊名称:Journal of Digital Forensics, Security and Law
印刷版ISSN:1558-7215
电子版ISSN:1558-7223
出版年度:2012
卷号:1
期号:1793
页码:15-28
语种:English
出版社:Association of Digital Forensics, Security and Law
摘要:The introduction of Jumplists in Windows 7 was an important feature from a forensic examiners viewpoint. Jumplist configuration files can provide the examiner with a wealth of information relating to file access and in particular: dates/times, Volume GUIDs and unique file object IDs relating to those files. Some of the information in the Jumplist could be used to build a more precise timeline relating to system and file usage. In this article, we analyse the structure of a Jumplist configuration file and in particular a record from a Jumplist configuration file and highlight some of the important entries therein.
