The Forensic Value of the Windows 7 Jump List

Alexander Barnett

Digital Forensics and Cyber Crime. Third International ICST Conference, ICDF2C 2011, Dublin, Ireland, October 26-28, 2011, Revised Selected Papers

Research Article

The Forensic Value of the Windows 7 Jump List

Download

438 downloads

Cite: BibTeX Plain Text

@INPROCEEDINGS{10.1007/978-3-642-35515-8_17,
    author={Alexander Barnett},
    title={The Forensic Value of the Windows 7 Jump List},
    proceedings={Digital Forensics and Cyber Crime. Third International ICST Conference, ICDF2C 2011, Dublin, Ireland, October 26-28, 2011, Revised Selected Papers},
    proceedings_a={ICDF2C},
    year={2012},
    month={12},
    keywords={Jump List Windows 7 Forensics},
    doi={10.1007/978-3-642-35515-8_17}
}

Alexander Barnett
Year: 2012
The Forensic Value of the Windows 7 Jump List
ICDF2C
Springer
DOI: 10.1007/978-3-642-35515-8_17

Alexander Barnett¹^,*

1: Purdue University

*Contact email: agbarnet@purdue.edu

Abstract

The Windows 7 Jump List is an aspect of the Windows 7 operating system that has the potential to contain data and artifacts of great interest to investigators, but has yet to receive any considerable attention or research. As of this writing, only one published work makes mention of their existence, and no tools exist to automate their retrieval and analysis. The goal of this research is to provide an overview of the function and behavior of jump lists, and also to examine the structure of jump lists with the intention of proposing further research for making use of them in a forensic capacity.

Keywords: Jump List Windows 7 Forensics

Published: 2012-12-06

: http://dx.doi.org/10.1007/978-3-642-35515-8_17