Note:I translated Japanese into English using Google Translate.
Thank you, Google. 

Hop Step Jumplist.

Display file 5f7b5f1e01b83767.automaticDestinations-ms with HEX.
Only 'DestList' exists in this file.

I started explorer and I looked up 4 image files with E: drive.

Check the contents of the JumpList file. Four records that refer to the image file are displayed.

Delete the history of Explorer.

Check the contents of the JumpList file. Four records in JumpList have disappeared.

However, stream data seems to remain in the JumpList file. I have studied the structure of automaticdestinations in past blog.

Save the range of LNK data as binary and try to parse with LEcmd.

Carving the Jump List file using Bulk_Extractor 'winlnk' option.

Two records indicating the JPGE file name have been reported.

I try Carving by PhotoRec. Change PhotoRec options.

For geometry options, set the sector size to 1.

In File Opt setting, only lnk is selected.

Three files were extracted.

Validate the restored LNK file.

File f0003776.lnk is broken, but you can check the link destination.

Testing environment:Windows 10 1803

Reference URL:

www.hecfblog.com

port139.hatenablog.com

http://www.mitec.cz/ssv.html

articles.forensicfocus.com