recyclebin#
$ target-query <path/to/target> -f recyclebin
Module |
|
Output |
|
Module documentation
Recyclebin plugin.
Function documentation
Return files located in the recycle bin ($Recycle.Bin).
- Yields RecycleBinRecords with fields:
hostname (string): The target hostname domain (string): The target domain ts (datetime): The time of deletion path (uri): The file original location before deletion filesize (filesize): Filesize of the deleted file sid (string): SID of the user deleted the file, parsed from $I filepath user (string): Username matching SID, lookup using Dissect user plugin deleted_path (uri): Location of the deleted file after deletion $R file source (uri): Location of $I meta file on disk