Hello,
I have a customer using the eDiscovery module and they noticed the eDiscovery scan had located files in the recycling bin when running a scan against a workstation.
I wanted to run a few questions by the community regarding this:
-
Can eDiscovery scan the actual contents of files in the recycling bin, or is it likely a false positive from the naming convention of the file?
-
If the files are being scanned, the naming convention that Windows uses for files in the recycling bin does not match the original, which makes it difficult to track what the original file was, even when it is restored. If this is the case, is there a recommended way to handle this?
-
Also, if a customer were to encrypt the target file path, would it not just encrypt the shortcut to the file, or would the actual original file be encrypted?
-
Lastly, if the content of the files in the recycling bin is not being scanned, and it’s a false positive, would it make more sense to just exclude the path to the recycling bin from scanning?
I’m also curious if other customers have had similar questions regarding the Windows recycling bin and if there is a recommended workflow for handling situations like these. I searched through the document for the terms “Recycle Bin” and “Recycling Bin” but didn’t see any results, so I figured I would run these by the community.
Thanks!
Jason