As a continuation of the "Introduction to Windows Forensics" series, this video introduces Recycle Bin Forensics. From Windows 95 to Windows 10, the history of the Recycle Bin is covered. We’ll discuss the INFO2 metadata files found on older operating systems, as well as the $I and $R files found on modern operating systems. We’ll take a look at exactly what happens when a file is placed in the Recycle Bin, and we’ll look at a tool that will help us extract metadata from $I files.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
Introduction to Windows Forensics:
[ Ссылка ]
Fun with Recycle Bin $I Files & Windows 10:
[ Ссылка ]
$I Parse:
[ Ссылка ]
Once Upon a Time in Recycle Bin:
[ Ссылка ]
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
Recycle Bin Forensics
Теги
Windows 10 Recycle BinC:\RECYCLEDDFIRWindows 10 Recycle Bin forensics$I fileINFO2relative identifierwmicINFO2 fileC:\RECYCLERdigital forensics videossecurity identifierdigital forensicsforensics$I ParseRecycle BinINFO2 files$R files$Recycle.Bin$I fileswmic useraccountwmic sid$R fileC:\$Recycle.BinRecycle Bin forensics
