Windows Recycle Bin Analysis with free tools

Detectalix 24 views 3 slides Mar 07, 2025

About This Presentation

Most important concepts of the Recycle Bin on Windows and two free tools to examine it, RBCmd and Rifiuti2.
Also watch the YouTube video here:
https://youtu.be/yeHQ0NNeGDo


Slide Content

Windows Recycle Bin Analysis

Deleted files are usually first moved to the Recycle Bin on Windows (or an analogous directory on other OSes). These files are permanently deleted when the Recycle Bin is emptied, or they can be restored to their original location.

On Windows XP and earlier, deleted files are placed under C:\Recycler\ subfolders, one for each user, and the related information is stored in INFO2 index files.

On Windows Vista and newer, deleted files are stored under C:\$Recycle.Bin\ subfolders in files that begin with $I and $R.

Rifiuti2

Rifiuti2 is a tool installed on Kali Linux and forensic distros that examines the contents of the Recycle Bin. It is made up of two tools: rifiuti, to analyze INFO2 files, and rifiuti-vista, to analyze the newer $Recycle.Bin files.

RBCmd

RBCmd is a Windows CLI tool developed by Eric Zimmerman as part of the EZ Tools suite, which includes various utilities designed to analyze Windows artifacts. RBCmd specifically focuses on parsing and analyzing Recycle Bin artifacts. It can be downloaded from: https://github.com/EricZimmerman/RBCmd
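
The $I files mentioned above hold the metadata for each deleted item. As an added example (not part of the original slides and not code from RBCmd or Rifiuti2), this Python parser reads a $I file's version, original size, deletion time and original path. The field layout is the commonly documented $I structure rather than something stated in the slides; the function names and the sample record are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# FILETIME counts 100-nanosecond intervals since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(filetime):
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def parse_i_file(data):
    """Parse the bytes of a $I file and return its metadata as a dict."""
    if len(data) < 24:
        raise ValueError("truncated $I file: header is 24 bytes")
    # Header: version, original file size, deletion time (all 64-bit LE).
    version, size, deleted = struct.unpack_from("<QQQ", data, 0)
    if version == 1:
        # Vista to 8.1: fixed 520-byte UTF-16LE path field (260 characters).
        raw_path = data[24:24 + 520]
    elif version == 2:
        # Windows 10 and later: 4-byte character count, then the path.
        if len(data) < 28:
            raise ValueError("truncated $I file: missing path length")
        (chars,) = struct.unpack_from("<I", data, 24)
        raw_path = data[28:28 + chars * 2]
        if len(raw_path) != chars * 2:
            raise ValueError("truncated $I file: path shorter than declared")
    else:
        raise ValueError(f"unknown $I version {version}")
    path = raw_path.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    return {"version": version, "original_size": size,
            "deleted_utc": filetime_to_datetime(deleted), "original_path": path}


def build_sample_v2():
    """Constructed sample input, not taken from a real system."""
    path = "C:\\Users\\alice\\Documents\\report.docx\x00"
    deleted = 133_500_000_000_000_000  # constructed FILETIME value
    return (struct.pack("<QQQI", 2, 48213, deleted, len(path))
            + path.encode("utf-16-le"))


if __name__ == "__main__":
    for key, value in parse_i_file(build_sample_v2()).items():
        print(f"{key}: {value}")
```

The matching $R file (same suffix after the prefix) holds the deleted content itself, so the parsed path and timestamp can be tied back to the recovered data.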