Introduction
Rifiuti2 is a tool for analyzing Windows Recycle Bin INFO2 files. Analysis of the Windows Recycle Bin is usually carried out during Windows computer forensics. Rifiuti2 can extract the deletion time, original path and size of deleted files, and whether the trashed files have been permanently removed.
For those interested in what it does and what functionality it provides, please check out the official site for more info.
Special notes
Latest features and changes can be found in the NEWS file.
0.8.1
JSON output format, WSL v2 support, and improved robustness when reading broken data.
0.8.0
- Windows binaries will be published via MSYS2 GitHub workflow.
- Package maintainers will need to rewrite their package files in light of multiple renovations: CMake migration, gettext removal, document restructuring, etc.
Usage
rifiuti2 is designed to be portable (just download and use, without need for installation), and runs in a command line environment. Although the utilities provide a -h option for a brief help message, it is suggested to consult the Wiki page for full details on all of the options. Following are a few examples of how to use them:
rifiuti-vista.exe -x -z -o result.xml \case\S-1-2-3\
Scan for index files under \case\S-1-2-3\, adjust all deletion times to the local time zone, and write XML output to result.xml
rifiuti -l CP932 -t "\n" INFO2
Assume the INFO2 file was generated on Japanese Windows (codepage 932), and display each field on its own line instead of separating fields with tabs
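The fields listed in the introduction, and the reason the -l codepage option matters, shown as an added Python sketch (not rifiuti2's own code). It assumes the commonly documented 800-byte INFO2 record layout of Windows 2000 and later; parse_info2, build_sample and the sample image are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

HEADER_SIZE = 16   # version, two counters, record size (4 little-endian DWORDs)
RECORD_SIZE = 800  # assumed layout: Windows 2000 and later
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_info2(data, codepage="cp1252"):
    """Return one dict per record; codepage only affects the legacy (ANSI) path."""
    _version, _, _, rec_size = struct.unpack_from("<4I", data, 0)
    if rec_size != RECORD_SIZE:
        raise ValueError(f"unsupported record size {rec_size}")
    records = []
    for off in range(HEADER_SIZE, len(data) - rec_size + 1, rec_size):
        rec = data[off:off + rec_size]
        legacy = rec[:260]
        index, drive, ftime, size = struct.unpack_from("<IIQI", rec, 260)
        # A zeroed first byte marks an entry already emptied or restored;
        # the drive letter is then recovered from the drive number (0 = A).
        gone = legacy[0] == 0
        if gone:
            letter = ord("A") + drive if drive < 26 else ord("?")
            legacy = bytes([letter]) + legacy[1:]
        records.append({
            "index": index,
            # FILETIME: 100 ns ticks since 1601-01-01 UTC
            "deleted_utc": FILETIME_EPOCH + timedelta(microseconds=ftime // 10),
            "size": size,
            "gone": gone,
            "legacy_path": legacy.split(b"\0", 1)[0].decode(codepage, "replace"),
            "unicode_path": rec[280:].decode("utf-16-le", "replace").split("\0", 1)[0],
        })
    return records

def build_sample():
    """Constructed one-record image: Japanese file name, entry already emptied."""
    path = "C:\\テスト.txt"
    legacy = bytearray(path.encode("cp932").ljust(260, b"\0"))
    legacy[0] = 0  # simulate the "gone" marker
    fixed = struct.pack("<IIQI", 1, 2, 133485408000000000, 4096)  # 2024-01-01 UTC
    rec = bytes(legacy) + fixed + path.encode("utf-16-le").ljust(520, b"\0")
    return struct.pack("<4I", 5, 0, 0, RECORD_SIZE) + rec

if __name__ == "__main__":
    for cp in ("cp932", "cp1252"):
        print(cp, parse_info2(build_sample(), cp)[0])
```

Decoding the same record with the wrong codepage leaves the Unicode path intact but garbles the legacy path, which is the situation the -l option addresses.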
Download
Supported platforms
rifiuti2 is guaranteed usable on Windows, Linux and FreeBSD, with success reports for macOS (using brew). Some testing on big endian platforms is done with the Qemu emulator. More compatibility fixes for other architectures are welcome.
Windows
Windows binaries are officially provided on the GitHub release page. Some information on ancient Windows versions is available on the wiki.
Unix packages
Most Linux and FreeBSD users can use pre-packaged software for convenience. Check out the status here.
Others
For operating systems where rifiuti2 is not readily available, it is always possible to compile from source.