Digital Forensics and Cyber Crime. Third International ICST Conference, ICDF2C 2011, Dublin, Ireland, October 26-28, 2011, Revised Selected Papers

Research Article

The Forensic Value of the Windows 7 Jump List

Download
467 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-35515-8_17,
        author={Alexander Barnett},
        title={The Forensic Value of the Windows 7 Jump List},
        proceedings={Digital Forensics and Cyber Crime. Third International ICST Conference, ICDF2C 2011, Dublin, Ireland, October 26-28, 2011, Revised Selected Papers},
        proceedings_a={ICDF2C},
        year={2012},
        month={12},
        keywords={Jump List Windows 7 Forensics},
        doi={10.1007/978-3-642-35515-8_17}
    }
    
  • Alexander Barnett
    Year: 2012
    The Forensic Value of the Windows 7 Jump List
    ICDF2C
    Springer
    DOI: 10.1007/978-3-642-35515-8_17
Alexander Barnett1,*
  • 1: Purdue University
*Contact email: agbarnet@purdue.edu

Abstract

The Windows 7 Jump List is an aspect of the Windows 7 operating system that has the potential to contain data and artifacts of great interest to investigators, but has yet to receive any considerable attention or research. As of this writing, only one published work makes mention of their existence, and no tools exist to automate their retrieval and analysis. The goal of this research is to provide an overview of the function and behavior of jump lists, and also to examine the structure of jump lists with the intention of proposing further research for making use of them in a forensic capacity.