The Windows Shell uses Shell Items (or Shell Item list) to identify items within the Windows Folder Hierarchy. A Shell Item is much like a "path", and is unique to its parent folder. The format of the Shell Item is undocumented and varies between Windows versions.
The basic format is a list, consisting of a (shell item) entry size value (field) and entry data.
There are multiple types of entries to specify different parts of the "path":
- network share
- file and directory
Some shell item entries contain date and time values which can be used in Timeline Analysis.