challenges faced with unallocated space

A lot of files in unallocated space will also be known as deleted files. Therefore you want to determine where allocated files are stored, where deleted files were stored, before you try and carve just the remaining unallocated files.

This is not a complete answer to your question, but it may help with maybe 50% of the files you find in unallocated space.

Could you hex keyword search for the logical size of the carved file in little endian to try and find it in MFT fragments or maybe $I30's?

i wondered if it was worth using a clean install and monitoring test files as they enter unallocated. As they are deleted areas on the disk could be logged. There may be some sort of pattern or structure to the way that the they enter unallocated and reside on the disk which will allow a "guess" as to where it was before hand. May even allow you to get an idea by seeing what files surround them that are currently live. Obviously wouldn't stand up in court. Maybe an unallocated parse haha…i wish (

When a file is deleted no data is moved. There is no area of the disk specifically 'unallocated'. Any sector/cluster can be used, or not used.
A file is deleted by either removing it's pointer, or (in NTFS) setting a flag in the pointer (MFT). The area used by the that file can then be used again.

You may beable to find information from the logfile, but logs normally recyle their space, so only recent changes could be tracked

I’m just trying to get a few opinions on this topic as I have recently encountered a couple of situations where I would have loved to have known where a certain file once existed before deletion!

On WIndows check various system resources the book Windows Forensic Analysis will help you on your way. Other operating systems other resources.

Or a resource I recently wrote an article about the Windows Search database
http//www.forensicfocus.com/windows-search-forensics