Research of Recycle Bin Forensic Analysis Platform Based on XML Techniques

Abstract

Windows Recycle Bin is an important component of the operating system and the algorithm is very important and worth exploring. Recycle Bin preserves deleted files and directories signs. So, it’s an important part to exam the control files of the Recycle Bin in computer forensic. In this paper, by parsing the structure of INFO2, we completely analyze the recovery model and algorithms of the Recycle Bin. And based on the use of XML structure, the parsing data are packaged in XML. By this way, a practical evidence analysis Platform is designed, which can work out and restore the information of deleted files into the form of a friendly user interface. This application will be an important information-gaining tool to conduct forensic analysis of a suspect’s computer system.