Finding deleted date for a file in recycle bin

keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

Don't know if I'm oversimplifying things here but wouldn't the last modified date be a reliable indicator? I say this as the file modified holds info pertaining to the MFT entry and the MFT entry path gets changed the moment it moves into the recycle bin..? I know this isn't solid proof as the user could edit the MFT entry themselves somehow and this would also change the modified date.

I think what you may be looking for here isn't the last modified date for the file (the "M" time) but rather the last time that the MFT entry was modified (i.e., the "C" date, in TSK parlance, from "MACB"). I think (and correct me if I'm wrong) but the time stamp may be referred to as the "entry modified" date in EnCase.

Assuming that everyone has a thorough understanding of the naming conventions used in the INFO2 file when files are moved to the Recycle Bin, has anyone checked to see if the BitBucket NukeOnDelete value was set?


   