Parse Win7 $I files...
 
Notifications
Clear all

Parse Win7 $I files in $Recycle.Bin?

4 Posts
2 Users
0 Likes
779 Views
(@cults14)
Posts: 367
Reputable Member
Topic starter
 

Hi,

Is there a free tool out there that will parse the $I elements of Windows7 $Recycle.Bin? I have a current case where it would be really nice to list out which files (including source path) were deleted, and when

I've used recbin.exe in the past myslef on INFO2 files - but isn't INFO2 an XP artifact?

Cheers

 
Posted : 20/08/2013 3:58 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

I wrote a tool called 'recbin', in Perl, that will parse both INFO2 and the $I files from Vista+ recycle bin folders…

 
Posted : 20/08/2013 4:18 pm
(@cults14)
Posts: 367
Reputable Member
Topic starter
 

You're up early Harlan!!

I have recbin.exe and recbin.pl in the CH5 folder from your first book and DVD (2007) - is it one of these?

Thansk

 
Posted : 20/08/2013 4:21 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

You're up early Harlan!!

This isn't "early" for me at all…it's normal.

I have recbin.exe and recbin.pl in the CH5 folder from your first book and DVD (2007) - is it one of these?

You'll have to take a look at the code, or even just the syntax info, but I doubt it. I updated the code as part of my timeline analysis course offering, and I don't think I released it.

 
Posted : 20/08/2013 5:10 pm
Share: