Windows Linklist and Jumplist Forensics
Tools Used: VMware Fusion, FTK Imager, LECmd, JumpList Explorer
June 2022
- Analyzed Windows .lnk and Jump List artifacts to reconstruct user activity; compared target vs. shortcut MAC timestamps to validate “opened vs. downloaded” claims
- Parsed AutomaticDestinations with JumpListsView + Zimmerman’s LECmd/JumpList Explorer; correlated AppID entries and recovered NIC MAC address to attribute actions to a specific host
- Preserved evidence integrity (read-only mount in FTK Imager; MD5/SHA1/SHA256 hashes) and delivered a screenshot-backed, reproducible workflow answering case questions