* del2info – A tool for analyzing Windows Recycle Bin INFO2 and $I?????? files
* carver – A tool for extracting Thumbnails stored in Windows Explorer thumbcache_NN.db files
Analysis of Windows Recycle Bin is usually carried out during Windows computer forensics. del2info can extract file deletion time, original path and size of deleted files and whether the deleted files have been moved out from the Recycle Bin. Carver, the tool included in pyDetective toolkit will help you carve out images from the thumb cache file. This is very important when it comes to cases that deal with pictorial data.
Using pyDetective with these two tools is very easy. They work on Linux and Windows operating systems as well. It just needs Python 2.7.
Download pyDetective .
Source:pentestit