:py:mod:`dissect.target.plugins.os.windows.recyclebin`
======================================================

.. py:module:: dissect.target.plugins.os.windows.recyclebin


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.recyclebin.RecyclebinPlugin




Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.recyclebin.RecycleBinRecord
   dissect.target.plugins.os.windows.recyclebin.c_recyclebin_i


.. py:data:: RecycleBinRecord

   

.. py:data:: c_recyclebin_i
   :value: Multiline-String

    .. raw:: html

        <details><summary>Show Value</summary>

    .. code-block:: python

        """
        struct header_v1 {
            int64    version;
            int64    file_size;
            int64    timestamp;
            wchar    filename[260];
        };
        struct header_v2 {
            int64    version;
            int64    file_size;
            int64    timestamp;
            int32    filename_length;
            wchar    filename[filename_length];
        };
        """

    .. raw:: html

        </details>

   

.. py:class:: RecyclebinPlugin(target: dissect.target.Target)


   Bases: :py:obj:`dissect.target.plugin.Plugin`

   Recyclebin plugin.

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with
      the current target (``self.target``). For example, check if a certain
      file exists.
      Otherwise it should raise an ``UnsupportedPluginError``.

      :raises UnsupportedPluginError: If the plugin could not be loaded.


   .. py:method:: recyclebin() -> Generator[RecycleBinRecord, None, None]

      Return files located in the recycle bin ($Recycle.Bin).

      Yields RecycleBinRecords with fields:
        hostname (string): The target hostname
        domain (string): The target domain
        ts (datetime): The time of deletion
        path (uri): The file original location before deletion
        filesize (filesize): Filesize of the deleted file
        sid (string): SID of the user deleted the file, parsed from $I filepath
        user (string): Username matching SID, lookup using Dissect user plugin
        deleted_path (uri): Location of the deleted file after deletion $R file
        source (uri): Location of $I meta file on disk


   .. py:method:: read_recycle_bin(bin_path: dissect.target.helpers.fsutil.TargetPath) -> Generator[RecycleBinRecord, None, None]


   .. py:method:: read_bin_file(bin_path: dissect.target.helpers.fsutil.TargetPath) -> RecycleBinRecord


   .. py:method:: find_sid(path: dissect.target.helpers.fsutil.TargetPath) -> str


   .. py:method:: select_header(data: bytes) -> dissect.cstruct.Structure

      Selects the correct header based on the version field in the header