Dependencies Commit for v1.1.0 release May 16, 2013
Help Commit for v1.1.0 release May 16, 2013
Release Added binary release for v1.1.0 May 16, 2013
Source Commit for v1.1.0 release May 16, 2013
.gitignore Initial commit May 16, 2013
README.md Updated readme May 16, 2013


JumpLister

Info

Jump Lists have been widely discussed within the forensic community, in particular on the win4n6 mailing list. From a forensic perspective, Troy Larson described them as follows: “put a MS-CFB (compound file binary file format) parser in front of the link file parser, you will have a tool that opens Windows 7 Jump lists”. In other words, a Jump List is an MS-CFB with N… MS-SHLLINK, and parsing exactly that is what this application does.

JumpLister is designed to open one or more Jump List files, parse the Compound File structure, then parse the link file streams contained within. It uses the LNK parser I wrote, so fields such as object IDs and MAC addresses are handled. The latest version also parses out the DestList data and performs a lookup on the AppId.

This functionality would not be possible without the hard work of the forensics community and the public release of the information on the forensics wiki.
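The "MS-CFB in front of MS-SHLLINK" layout can be seen with a quick signature carve, given here as an added Python example that is not JumpLister's code: it checks the compound-file signature, then looks for the ShellLinkHeader signature on 64-byte boundaries, where compound-file stream data begins. It does not walk the FAT or directory as JumpLister does through OpenMCDF, and `carve_lnk_headers`, `build_sample` and the sample bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # MS-CFB header signature
# First 20 bytes of an MS-SHLLINK ShellLinkHeader: HeaderSize 0x4C + LinkCLSID
LNK_MAGIC = bytes.fromhex("4C0000000114020000000000C000000000000046")
MINI_SECTOR = 64  # smallest CFB allocation unit; stream data starts on this boundary

def filetime(raw):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) to datetime; 0 means unset."""
    if raw == 0:
        return None
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=raw // 10)

def carve_lnk_headers(data):
    """Return the fixed header fields of every link stream start found in a compound file."""
    if data[:8] != CFB_MAGIC:
        raise ValueError("not an MS-CFB compound file")
    hits = []
    # Skip the 512-byte CFB header, then test each mini-sector boundary.
    for off in range(512, len(data) - MINI_SECTOR + 1, MINI_SECTOR):
        if data[off:off + 20] != LNK_MAGIC:
            continue
        # These fields end at byte 56, so they never straddle a 64-byte mini sector.
        flags, attrs, ctime, atime, wtime, size = struct.unpack_from("<IIQQQI", data, off + 20)
        hits.append({"offset": off, "link_flags": flags, "file_attributes": attrs,
                     "created": filetime(ctime), "accessed": filetime(atime),
                     "modified": filetime(wtime), "target_size": size})
    return hits

def build_sample():
    """Constructed blob that imitates the layout only (no FAT or directory)."""
    ft = 130131360000000000  # 2013-05-16 00:00:00 UTC as FILETIME
    lnk = LNK_MAGIC + struct.pack("<IIQQQI", 0x81, 0x20, ft, 0, ft, 1234)
    blob = bytearray(CFB_MAGIC.ljust(512, b"\0") + bytes(384))
    blob[576:576 + len(lnk)] = lnk  # aligned: looks like a stream start
    blob[700:700 + len(lnk)] = lnk  # unaligned: signature bytes inside other data
    return bytes(blob)

if __name__ == "__main__":
    for hit in carve_lnk_headers(build_sample()):
        print(hit)
```

Only the aligned header is reported; the unaligned copy is skipped because stream data cannot begin off a 64-byte boundary.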

Third party libraries

  • CsvHelper: CSV output
  • Shellify: LNK file parsing
  • OpenMCDF: Microsoft Compound Document File Format parsing library for OLE structured storage
  • Utility: Helper functions (woanware)

Requirements

  • Microsoft .NET Framework v4.5