Windows Artifacts - Recycle Bin

By default, items deleted on a Windows OS machine are not literally deleted from the system. Instead they are moved into another file called a Recycle Bin.

From Windows 2k and forward, a User Security ID [SID] folder exists for every user after the recycle bin folder in the directory.

Windows 98: DRIVE:\RECYCLED
Windows 2k, XP, NT: DRIVE:\RECYCLER[SID]
Windows Vista, 7+: DRIVE:$RECYCLE.BIN[SID]

Windows XP

Files inside of the recycle bin have their metadata stored in