Welcome to Scribd!

Tugas H-2b

Uploaded by

0% found this document useful (0 votes)

7 views14 pages

The document discusses the Windows Recycle Bin, including how files are sent to and deleted from the Recycle Bin. Files deleted from the system are actually renamed and moved to a hidden Recycle Bin folder. The Recycle Bin folder structure differs between FAT and NTFS drives, with NTFS using a hidden SID Named folder containing $I and $R files that store metadata about the recycled files. Forensically, files in the Recycle Bin indicate user awareness and intent to remove those files from the system.

Original Description:

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

7 views14 pages

Tugas H-2b

Uploaded by

Wusthon Adlali

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 14

Search inside document

Windows Recycle Bin

A part of Advanced Computer Forensics

Overview
• Location, folder structure, and content of Windows
Recycle bin
• $I… files
Delete a file in Windows
• Drag and drop file into Recycle Bin
• Select file, press “Delete” key
• Select file, press “Shift” and “Delete” keys
• Select file, right-click, select “Delete” option
• Select file, right-click, press “Shift” key and select
“Delete” option
• Delete file from command line
Send to Recycle Bin
• Drag and drop file into Recycle Bin
• Select file, press “Delete” key
• Select file, right-click, select “Delete” option
Delete file from the file system
• “Shift” and “Delete”
• Delete file from command line
Delete file from the file system
• Secure deletion requires 3rd party software or a disk
defragment
• Some software performs additional actions before
deleting to add a layer of obfuscation
File Recycling
• Not permanently deleted
• Renamed and moved to a hidden folder
• Can be restored to its original name and location
Forensics of Recycle Bin
• Files are moved into Recycle Bin by explicit command
from the user
• Presence of a file / folder in the Recycle Bin usually
indicates
– user awareness of the file / folder
– intent to remove it
Folder Structure

• Each logical drive has hidden recycle bin folder for files
recycled from that drive
• Recycle Bin folder structure is different on FAT and on
NTFS drives
Recycle Bin on NTFS drives
SID Named Folder

$IV0B3OM.sys
$I1GL6DR.doc
$RV0B3OM.sys
$R1GL6DR.doc
$I…files
• Have fixed size of 544 bytes
• Each $I… file contains info about the corresponding $R… file:
– Size
– Date and time of recycling
– Original name and location
$IV0B3OM.sys
Thank you
izazi@forensor.com

Best Free Open Source Data Recovery Apps for Mac OS English Edition
From Everand
Best Free Open Source Data Recovery Apps for Mac OS English Edition
Cyber Jannah Sakura
No ratings yet
Lecture 13 - Recycle Bin Forensis
Document16 pages
Lecture 13 - Recycle Bin Forensis
htoothit781
No ratings yet
Chapter 7 & 8 File Systems: Computer Department SPIT, Piludara
Document80 pages
Chapter 7 & 8 File Systems: Computer Department SPIT, Piludara
jigneshbalol29
No ratings yet
CF Lecture 08 - Anti Forensics Techniques Part 1
Document16 pages
CF Lecture 08 - Anti Forensics Techniques Part 1
Faisal Shahzad
No ratings yet
File Management
Document67 pages
File Management
Tharaka Methsara
No ratings yet
Operating System Module 5-Lecture 1: Disk Management
Document6 pages
Operating System Module 5-Lecture 1: Disk Management
Biswas Lectures
No ratings yet
File Management
Document157 pages
File Management
Lionel Munya Chigwida
No ratings yet
Operating System Unit-V
Document64 pages
Operating System Unit-V
suresh R
No ratings yet
Akuisisi Data: Forensic Computer
Document76 pages
Akuisisi Data: Forensic Computer
Darma
No ratings yet
OS CH 4
Document39 pages
OS CH 4
Dawit Tesfaye
No ratings yet
Desktop Icons: Reported By:john Michael Diza Report Time:xxx
Document61 pages
Desktop Icons: Reported By:john Michael Diza Report Time:xxx
JM Diza
No ratings yet
File Sys 1 PDF
Document43 pages
File Sys 1 PDF
vidishsa
No ratings yet
Chapter - 6
Document48 pages
Chapter - 6
Miretu Jaleta
No ratings yet
Os Mod 4 - 1
Document11 pages
Os Mod 4 - 1
Gokul Suresh
No ratings yet
File System Implementation
Document45 pages
File System Implementation
Chris
No ratings yet
Android Storage Handout
Document4 pages
Android Storage Handout
nilkar08
No ratings yet
File System Forensics: Dr. N.B. Venkateswarlu
Document42 pages
File System Forensics: Dr. N.B. Venkateswarlu
venkat_ritch
No ratings yet
CH 04
Document13 pages
CH 04
balajinaik07
No ratings yet
Backup Strategy
Document39 pages
Backup Strategy
mehrunnisa99
No ratings yet
File Operations PDF
Document35 pages
File Operations PDF
vidishsa
No ratings yet
CH 04 I C
Document93 pages
CH 04 I C
balajinaik07
No ratings yet
DFS Design and Implementation: Brent R. Hafner
Document40 pages
DFS Design and Implementation: Brent R. Hafner
Shweta panwar
No ratings yet
FS 1
Document20 pages
FS 1
alihamza
No ratings yet
CLASS 5 COMPUTER - WKT 3.2
Document9 pages
CLASS 5 COMPUTER - WKT 3.2
vmhsphysics
No ratings yet
File Storage Basics: Sector - Minimum Unit For A Disk
Document3 pages
File Storage Basics: Sector - Minimum Unit For A Disk
Ciprian Laurentiu
No ratings yet
Unit5 Chap1
Document57 pages
Unit5 Chap1
Pandu Kumar
No ratings yet
Week 11
Document78 pages
Week 11
manyagarg787
No ratings yet
SCI4201 Lecture 4 - Data Acquistion
Document46 pages
SCI4201 Lecture 4 - Data Acquistion
onele mabhena
No ratings yet
Unit VI File Management
Document41 pages
Unit VI File Management
rhythm -
No ratings yet
File Systems
Document8 pages
File Systems
Amit Kr Mandal
No ratings yet
File Management
Document91 pages
File Management
Glrmn
No ratings yet
Operating Systems: Prof. Navneet Goyal Department of Computer Science & Information Systems BITS, Pilani
Document66 pages
Operating Systems: Prof. Navneet Goyal Department of Computer Science & Information Systems BITS, Pilani
DEEPAK2502
No ratings yet
Unit 6 OS
Document52 pages
Unit 6 OS
ha.ra.d.e.vi.e.r
No ratings yet
Managing A Microsoft Windows Server 2003 Environment
Document50 pages
Managing A Microsoft Windows Server 2003 Environment
halady123
No ratings yet
Digital Forensics (Data Acquisition and Hashing)
Document48 pages
Digital Forensics (Data Acquisition and Hashing)
Dipenker Dey
100% (1)
Unix Linux Forensics
Document57 pages
Unix Linux Forensics
nele12345
No ratings yet
Lec 2
Document23 pages
Lec 2
aldd63502
No ratings yet
File System Interface: Polytechnic University of The Philippines
Document31 pages
File System Interface: Polytechnic University of The Philippines
momshe_214
No ratings yet
Chapter 8 - File Management
Document100 pages
Chapter 8 - File Management
杨丽璇
100% (2)
Guide To Computer Forensics and Investigations: Data Acquisition
Document17 pages
Guide To Computer Forensics and Investigations: Data Acquisition
Yukta Jaiswal
No ratings yet
Files & Folders
Document29 pages
Files & Folders
Mahesh Chandrasena
No ratings yet
ECDL - ICDL Computer Essentials Lesson4 Draft
Document32 pages
ECDL - ICDL Computer Essentials Lesson4 Draft
osmanhanif
No ratings yet
6.file Management1
Document31 pages
6.file Management1
Nisarg Gugale
No ratings yet
Unit6pdf 2024 03 27 08 31 05
Document40 pages
Unit6pdf 2024 03 27 08 31 05
adityarajaj189
No ratings yet
Introduction To File Organization
Document30 pages
Introduction To File Organization
Jbkhun
No ratings yet
Chap 12
Document46 pages
Chap 12
cam tam
No ratings yet
Varonis DatAlert DATASHEET
Document3 pages
Varonis DatAlert DATASHEET
Marc Tessier
No ratings yet
Directory and Disk Structure: Presented by
Document16 pages
Directory and Disk Structure: Presented by
abdulbarimalik
No ratings yet
CYBER 502x Unit 3 Sleuthkit
Document28 pages
CYBER 502x Unit 3 Sleuthkit
neon48
No ratings yet
File System: M. S. Ramaiah Institute of Technology
Document28 pages
File System: M. S. Ramaiah Institute of Technology
Nishit
No ratings yet
File System: M. S. Ramaiah Institute of Technology
Document28 pages
File System: M. S. Ramaiah Institute of Technology
Nishit
No ratings yet
(Ch11) File System Interface
Document54 pages
(Ch11) File System Interface
Kumail Raza
No ratings yet
Windows System Artifacts
Document35 pages
Windows System Artifacts
Ain Anuar
No ratings yet
Data Acquisition: Paul Ssemaluulu (PHD)
Document35 pages
Data Acquisition: Paul Ssemaluulu (PHD)
Wiisky Ilwa
100% (2)
Cyber - Internals Merged
Document69 pages
Cyber - Internals Merged
Devika Dakhore
No ratings yet
03 Data Acquisition
Document91 pages
03 Data Acquisition
Mohammed Lajam
No ratings yet
PC Hardware Servicing: Chapter 29: Managing Files
Document22 pages
PC Hardware Servicing: Chapter 29: Managing Files
Amir M. Villas
No ratings yet
OS Lec 11 & 12
Document17 pages
OS Lec 11 & 12
Hasnain
No ratings yet
Describe The Picture Below
Document20 pages
Describe The Picture Below
John Michael Bender
No ratings yet
Cyber Forensics Unit - 1 Computer Forensics
Document23 pages
Cyber Forensics Unit - 1 Computer Forensics
Devika Dakhore
No ratings yet