abelcheung/rifiuti2

Introduction

Rifiuti2 is a tool for analyzing Windows Recycle Bin INFO2 files. Analysis of the Windows Recycle Bin is usually carried out during Windows computer forensics. Rifiuti2 can extract the deletion time, original path and size of deleted files, and whether the trashed files have been permanently removed.

For those interested in what it does and what functionality it provides, please check out the official site for more info.

Special notes

The latest features and changes can be found in the NEWS file.

0.8.1

JSON output format, WSL v2 support, and improved robustness when reading broken data.

0.8.0

Usage

rifiuti2 is designed to be portable (just download and use, with no installation needed) and runs in a command line environment. Although the utilities provide a -h option for a brief help message, it is suggested to consult the Wiki page for full details on all of the options. The following are a few examples of how to use them:

  • rifiuti-vista.exe -x -z -o result.xml \case\S-1-2-3\

Scan for index files under \case\S-1-2-3\, adjust all deletion times to the local time zone, and write XML output to result.xml

  • rifiuti -l CP932 -t "\n" INFO2

Assume the INFO2 file was generated by Japanese Windows (codepage 932), and display each field on its own line instead of separated by tabs
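Why the codepage option matters is easiest to see in a small INFO2 reader. The following is an added example, not rifiuti2's own code: it assumes the commonly documented Windows XP/2003 INFO2 layout (20-byte header, 800-byte records holding a legacy codepage path and a UTF-16 path), and the function names and sample data are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# Assumed XP/2003 INFO2 layout (not stated on this page): 20-byte header
# (version, kept, total, record size, size sum), then 800-byte records.
HEADER_SIZE, RECORD_SIZE, MAX_PATH = 20, 800, 260
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_info2(data, codepage="cp1252"):
    """Return one dict per complete record; a truncated tail is skipped."""
    if len(data) < HEADER_SIZE:
        raise ValueError("file shorter than INFO2 header")
    version, _, _, rec_size, _ = struct.unpack_from("<5I", data, 0)
    if version != 5 or rec_size != RECORD_SIZE:
        raise ValueError("not an XP-style INFO2 file")
    out = []
    for off in range(HEADER_SIZE, len(data) - RECORD_SIZE + 1, RECORD_SIZE):
        rec = data[off:off + RECORD_SIZE]
        index, drive, ftime, size = struct.unpack_from("<IIQI", rec, MAX_PATH)
        legacy = rec[:MAX_PATH]
        emptied = legacy[0] == 0      # assumed marker: file no longer in the bin
        if emptied and drive < 26:    # rebuild drive letter from drive number (0 = A)
            legacy = bytes([ord("A") + drive]) + legacy[1:]
        wide = rec[MAX_PATH + 20:].decode("utf-16-le", "replace").split("\0", 1)[0]
        out.append({
            "index": index,
            "deleted_utc": EPOCH_1601 + timedelta(microseconds=ftime // 10),
            "size": size,
            "emptied": emptied,
            "legacy_path": legacy.split(b"\0", 1)[0].decode(codepage, "replace"),
            "unicode_path": wide,
        })
    return out

def build_sample():
    """Constructed two-record INFO2 image from a hypothetical Japanese system."""
    def record(index, drive, path, emptied):
        legacy = path.encode("cp932").ljust(MAX_PATH, b"\0")
        if emptied:
            legacy = b"\0" + legacy[1:]
        meta = struct.pack("<IIQI", index, drive, 129067776000000000, 4096)
        return legacy + meta + path.encode("utf-16-le").ljust(2 * MAX_PATH, b"\0")
    header = struct.pack("<5I", 5, 0, 0, RECORD_SIZE, 0)
    return (header + record(1, 2, "C:\\Documents\\報告書.txt", False)
            + record(2, 3, "D:\\temp\\old.log", True) + b"\x00" * 17)  # stray tail

if __name__ == "__main__":
    for row in parse_info2(build_sample(), codepage="cp932"):
        print(row)
```

Decoding the same sample with the default cp1252 leaves the legacy path garbled while the UTF-16 path stays readable, which is the mismatch the codepage option resolves.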

Download

Supported platforms

rifiuti2 is guaranteed usable on Windows, Linux and FreeBSD, with success reports for MacOS (using brew). Some testing on big endian platforms is done with the Qemu emulator. More compatibility fixes for other architectures are welcome.

Windows

Windows binaries are officially provided on the Github release page. Some info for ancient Windows versions is available on the wiki.

Unix packages

Most Linux and FreeBSD users can use pre-packaged software for convenience. Check out the status here.

Others

For operating systems where rifiuti2 is not readily available, it is always possible to compile from source.