Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

rifiuti2(1) [debian man page]

RIFIUTI2(1)					      A MS Windows recycle bin analysis tool					       RIFIUTI2(1)

NAME

       rifiuti2 - A MS Windows recycle bin analysis tool

SYNOPSIS

       rifiuti [ -x ] [ -tnl8 ] [ -o outfile ] filename

       rifiuti-vista [ -x ] [ -n8 ] [ -o outfile ] file_or_directory

DESCRIPTION

       Rifiuti2  is  a	rewrite  of rifiuti, a great tool from Foundstone folks for analyzing Windows Recycle Bin INFO2 file.  Analysis of Windows
       Recycle Bin is usually carried out during Windows computer forensics.  Rifiuti2 can extract file deletion time, original path and  size	of
       deleted	files  and whether the deleted files have been moved out from the recycle bin since they are trashed.  Rifiuti2 supports the INFO2
       file format found in Windows up to Windows XP and the new file format found in Vista, and the program is fully  internationalized.  If  you
       need  to  analyse  recycle bins of Windows Vista and Windows Server 2008, you should use the rifiuti-vista command, for other Windows plat-
       forms, you should use the rifiuti command.

       Quoting from original Foundstone page:

	      Many computer crime investigations require the reconstruction of a subject's Recycle Bin. Since this analysis technique is  executed
	      regularly,  we  researched  the  structure of the data found in the Recycle Bin repository files (INFO2 files). Rifiuti, the Italian
	      word meaning "trash", was developed to examine the contents of the INFO2 file in the Recycle Bin. ... Rifiuti is built  to  work	on
	      multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms."

       Since  the original rifiuti (last updated 2004) is restricted to English version of Windows (fail to analyze any non-latin character), thus
       this rewrite. But it does more:

	 * Supports Windows in any other languages besides English
	 * Supports Vista and 2008 (they don't use INFO2 file any more)
	 * Enables localization (that is, translatable)
	 * More rigorous error checking
	 * Supports output in XML format

OPTIONS

       These are plain text output options:

       -t --delimiter=STRING
	      String to use as delimiter (TAB by default)

       -n --no-heading
	      Don't show header

       -l --legacy-filename
	      Show legacy filename instead of unicode

       -8 --always-utf8
	      Always show file names in UTF-8 encoding

	      These are general application Options:

       -o --output=FILE
	      Write output to FILE

       -x --xml
	      Output in XML format (-t, -n, -l, -8 options will have no effect)

       --from-encoding=ENC
	      The assumed file name character set when no unicode file name is present in INFO2 record (mandatory if  INFO2  file  is  created	by
	      Win98, useless otherwise)

COPYRIGHT

       Part of the work of Rifiuti2 is derived from Rifiuti, both pieces of software are licensed under the simplified BSD license.

AUTHOR

       The main author of Rifiuti2 is Abel Cheung, and Anthony Wong helps in some packaging and documentation work (like this manpage).  The orig-
       inal author of Rifiuti is Keith J Jones.

0.5.0								    2008-11-21							       RIFIUTI2(1)

Check Out this Related Man Page

DateTime::TimeZone::Local::Win32(3)			User Contributed Perl Documentation		       DateTime::TimeZone::Local::Win32(3)

NAME

       DateTime::TimeZone::Local::Win32 - Determine the local system's time zone on Windows

VERSION

       version 1.63

SYNOPSIS

	 my $tz = DateTime::TimeZone->new( name => 'local' );

	 my $tz = DateTime::TimeZone::Local->TimeZone();

DESCRIPTION

       This module provides methods for determining the local time zone on a Windows platform.

HOW THE TIME ZONE IS DETERMINED

       This class tries the following methods of determining the local time zone:

       o   $ENV{TZ}

	   It checks $ENV{TZ} for a valid time zone name.

       o   Windows Registry

	   When using the registry, we look for the Windows time zone and use a mapping to translate this to an Olson time zone name.

	   o	   Windows Vista and 2008

		   We look in "SYSTEM/CurrentControlSet/Control/TimeZoneInformation/" for a node named "/TimeZoneKeyName". If this exists, we use
		   this key to look up the Olson time zone name in our mapping.

	   o	   Windows NT, Windows 2000, Windows XP, Windows 2003 Server

		   We look in "SOFTWARE/Microsoft/Windows NT/CurrentVersion/Time Zones/" and loop through all of its sub keys.

		   For each sub key, we compare the value of the key with "/Std" appended to the end to the value of
		   "SYSTEM/CurrentControlSet/Control/TimeZoneInformation/StandardName". This gives us the English name of the Windows time zone,
		   which we use to look up the Olson time zone name.

	   o	   Windows 95, Windows 98, Windows Millenium Edition

		   The algorithm is the same as for NT, but we loop through the sub keys of "SOFTWARE/Microsoft/Windows/CurrentVersion/Time
		   Zones/"

AUTHOR

       Dave Rolsky <autarch@urth.org>

COPYRIGHT AND LICENSE

       This software is copyright (c) 2013 by Dave Rolsky.

       This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

perl v5.16.3							    2013-10-28				       DateTime::TimeZone::Local::Win32(3)
Man Page