Hi,
Is there a free tool out there that will parse the $I elements of Windows7 $Recycle.Bin? I have a current case where it would be really nice to list out which files (including source path) were deleted, and when
I've used recbin.exe in the past myslef on INFO2 files - but isn't INFO2 an XP artifact?
Cheers
I wrote a tool called 'recbin', in Perl, that will parse both INFO2 and the $I files from Vista+ recycle bin folders…
You're up early Harlan!!
I have recbin.exe and recbin.pl in the CH5 folder from your first book and DVD (2007) - is it one of these?
Thansk
You're up early Harlan!!
This isn't "early" for me at all…it's normal.
I have recbin.exe and recbin.pl in the CH5 folder from your first book and DVD (2007) - is it one of these?
You'll have to take a look at the code, or even just the syntax info, but I doubt it. I updated the code as part of my timeline analysis course offering, and I don't think I released it.