Recycle Bin forensics: where there’s trash, you might find treasure!

In the Windows world, when you delete a file it goes to the Recycle Bin. With a forensics tool you can take a look at these files!

$R Files: Recycle Bin metadata files, denoted by the “$R” prefix, contain information about deleted files, including their original paths, deletion timestamps, and unique identifiers. Analyzing $R files enables investigators to reconstruct the Recycle Bin’s history and identify deleted items.

$I Files: Similarly, $I files provide metadata associated with deleted files, offering additional context for forensic analysis. By examining $I files, investigators can ascertain details such as file attributes, timestamps, and deletion methods.

Put on the Sherlock Holmes hat and take a look at your recycle bin! 🙂

Download FTK Imager, add your device as a logical drive, and take a look with your magnifying glass!

https://www.exterro.com/ftk-product-downloads/ftk-imager-version-4-7-1

To learn more you can take the Digital Forensics Course!

EC Council Digital Forensics!
