Windows recycle bin analysis tool


Rifiuti2 is a rewrite of rifiuti, a tool of identical purpose written by Foundstone which was later purchased by McAfee. Quoting from the original FoundStone page:

Many computer crime investigations require the reconstruction of a subject’s recycle bin. Since this analysis technique is executed regularly, we researched the structure of the data found in the Recycle Bin repository files (INFO2 files). Rifiuti, the Italian word meaning “trash”, was developed to examine the contents of the INFO2 file in the Recycle Bin. … Rifiuti is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms.

However, since the original rifiuti (last updated 2004) can’t analyze recycle bin from any localized version of Windows (restricted to English), this rewrite effort is born to overcome the limitation. Later rifiuti2 was improved to add support for Vista format recycle bin, XML output and other extra features not available from original version.