Forensic Analysis of Microsoft Windows Recycle Bin Records
"Contrary to popular belief, when a file is deleted from a computer it is not really deleted. Windows utilizes a repository for deleted files called the Recycle Bin. The existence of the Recycle Bin allows a user to retrieve a document he accidentally deleted. In order for Windows to undelete a file in this manner, certain information must be stored in records so that the original information about the file may be restored, such as the file name..."
http://www.e-fense.com/helix/Docs/Recycler_Bin_Record_Reconstruction.pdf
Very interesting!-Urs
Yes, very interesting, and in use by quite a number of admins, first responders, and forensic analysts.