A Good place to examine is RecentDocs which is also known as “Recently used documents”.
There are 2 places you can check out for clues.
I used a cool tool called RegRipper. RegRipper is a Windows Registry data extraction and correlation tool. It goes through specific Registry hive files in order to access and extract specific keys, values, and data, and does so by bypassing the Win32API. And this is the end result.