Windows 10 includes a new feature called the Windows Recycle Bin. The Recycle Bin is a place where you can store files that you no longer need. When you delete a file from your computer, Windows 10 automatically moves it to the Recycle Bin. You can also move files to the Recycle Bin from your desktop or file explorer. The Recycle Bin is a temporary storage space for files. Files in the Recycle Bin are deleted when you empty the bin or when your computer is turned off. If you want to keep a file in the Recycle Bin, you need to copy it to another location on your computer or delete it from the Recycle Bin. The Windows 10 Recycle Bin is useful for keeping temporary files and deleting old files that you no longer need. ..
You delete a file in Windows, it gets dumped into the Recycle Bin, and later you fish it back out. What exactly happens during that whole process?
Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.
The Question
SuperUser reader Jonath0n is curious about the Recycle Bin:
So what’s the story? How exactly does the Recycle Bin function as a sort of file purgatory?
The Answer
SuperUser contributor Tim Wijsman offers a peak behind the curtain:
Have something to add to the explanation? Sound off in the the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.
In the early days, on Windows 95 and 98 this was located in \RECYCLED. On Windows 2000 and later it was renamed to \RECYCLER. Since Windows Vista it is now a special folder called $Recycle.Bin.
Use Process Monitor to see the I/O under the hood, put a filter on Recycle.Bin and visit it. :)
For example, when I do this:
Note: The long folder name is a User SID. The last folder name is a hash based on the metadata.
I get a file that contains metadata information like this:
The reason that the file path has spaces in between is because it is stored in wide byte chars, to support special characters for certain languages as well as unicode and what else. The earlier symbols are binary and contain information like the file size and permissions, as well as a pointer to the file data. In essence, it contains enough information to reconstruct the original reference…
It’s sad that the Windows Internals book doesn’t cover this, or else I would’ve had more reference. I haven’t found any articles that go into detail on this, neither by Microsoft or by third party people. They probably do exist but I found it easier to go and reverse engineer the main concept…