Jump List Parser Tools Compared (2026)
Which Jump List parser you pick comes down to three questions: do you want a CLI, a GUI, or a browser? Can you install software on the analyst workstation? And is it acceptable for the artifact to leave that machine? The four tools below cover those combinations.
JLECmd (Eric Zimmerman)
The de facto standard for command-line Jump List parsing. JLECmd handles both
*.automaticDestinations-ms and *.customDestinations-ms, walks the DestList
stream, decodes each embedded LNK, and emits CSV or JSON. It is fast,
scriptable, and slots cleanly into KAPE and other automated pipelines, which
makes it the obvious choice when you are processing a directory of artifacts
from many endpoints.
Trade-off: it is a Windows .NET binary with no GUI. You read the output in a spreadsheet or feed it to another tool — there is no interactive browsing of entries.
Jumplist Explorer (Eric Zimmerman)
The GUI companion to JLECmd. Load a file or a folder and click through parsed
entries, LNK fields, timestamps, and the DestList ordering. It is the most
comfortable way to do deep, interactive analysis on a Windows analyst box, and
it shares JLECmd's parsing engine, so the underlying decoding is consistent.
Trade-off: requires installation and runs on Windows only. Not suited to batch processing — that is JLECmd's job.
Jumplist-Browser (kacos2000, GitHub)
An open-source PowerShell-based viewer hosted on GitHub. It exposes the raw
structures inside a Jump List — the OLE Compound File streams, the DestList
records, the embedded LNK fields — in a way that is useful when you want to
see what is actually in the file rather than a normalized view of it. Reading
the source is also a decent way to learn the format.
Trade-off: Windows and PowerShell only, and the interface is closer to a research tool than a polished analyst GUI.
Jump List Parser (this site)
A Rust parser compiled to WebAssembly that runs entirely in the browser. There is nothing to install, it works on Windows, macOS, and Linux, and the file is decoded locally — it never leaves the machine, which matters for chain of custody and for handling artifacts you cannot upload to a third-party service.
Trade-off: it is built for ad-hoc and triage parsing, not for unattended batch processing of large directories. For pipeline work, JLECmd is the better fit.
When to use which
Reach for JLECmd when you need to process many Jump Lists into CSV or JSON, or when you are wiring parsing into a KAPE module. Use Jumplist Explorer when you are sitting at a Windows analyst workstation and want to click through entries interactively. Use the Jump List Parser on this site when you are on a Mac or Linux box, when a colleague has just sent you a single file, or when policy prevents you from uploading the artifact anywhere. And reach for Jumplist-Browser when you are curious about the raw streams or learning the format.
All four are free. The right pick is the one that fits your workflow — try the browser parser if you want zero install.
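Whichever parser you pick, a quick pre-flight check on a collected folder catches misnamed or truncated files before they reach it. The sketch below is an added example written for this comparison, not code from any of the four tools: it classifies each file by name and verifies that an automaticDestinations-ms file really starts with an OLE Compound File header. The function names, the "up to 16 hex digits" AppID pattern, and the sample bytes are assumptions made for the illustration.

```python
import re
import struct
from pathlib import Path

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE Compound File signature
# Assumption: the file name is <AppID as up to 16 hex digits>.<type>Destinations-ms
NAME_RE = re.compile(r"^([0-9a-f]{1,16})\.(automatic|custom)Destinations-ms$", re.I)


def inspect_jump_list(name: str, data: bytes) -> dict:
    """Classify one Jump List by name and sanity-check its container header."""
    m = NAME_RE.match(name)
    if not m:
        return {"name": name, "kind": "unknown", "ok": False,
                "reason": "name is not a Jump List file name"}
    info = {"name": name, "app_id": m.group(1).lower(),
            "kind": m.group(2).lower(), "ok": True}
    is_cfb = data[:8] == CFB_MAGIC
    if info["kind"] == "automatic":
        # automaticDestinations-ms: OLE container holding DestList and LNK streams
        if len(data) < 512 or not is_cfb:
            return {**info, "ok": False, "reason": "no OLE Compound File header"}
        # Header fields at offset 24: minor version, major version, byte order, sector shift
        _minor, major, order, shift = struct.unpack_from("<4H", data, 24)
        if order != 0xFFFE or (major, shift) not in ((3, 9), (4, 12)):
            return {**info, "ok": False, "reason": "inconsistent OLE header"}
        info["sector_size"] = 1 << shift
    elif is_cfb:
        # customDestinations-ms is not an OLE container, so this is a mismatch
        return {**info, "ok": False, "reason": "OLE data in a custom Jump List"}
    return info


def inventory(folder: str) -> list:
    """Inspect every *Destinations-ms file under a collected evidence folder."""
    return [inspect_jump_list(p.name, p.read_bytes())
            for p in sorted(Path(folder).rglob("*Destinations-ms"))]


def sample_cfb(major: int = 3, shift: int = 9) -> bytes:
    """Constructed 512-byte header for the demo; not a real Jump List."""
    head = CFB_MAGIC + bytes(16) + struct.pack("<4H", 0x3E, major, 0xFFFE, shift)
    return head.ljust(512, b"\x00")


if __name__ == "__main__":
    name = "0123456789abcdef.automaticDestinations-ms"  # constructed AppID
    print(inspect_jump_list(name, sample_cfb()))
    print(inspect_jump_list(name, b"MZ" * 300))
```

Files reported with `ok: False` deserve a manual look in an interactive viewer before they go into a batch run.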