$Recycle.bin parser

recycle_parser.py

from pathlib import Path
import struct

path_to_i_files = input("Path to $I files: ")
i_dir = Path(path_to_i_files)

csv_file = open('recycle_bin.csv', 'a', encoding='utf-16')
csv_file.write("file size, timestamp, file name")

for file in i_dir.glob('$I*'):
    i_file_bytes = file.read_bytes()

    # Windows 10             Windows 7
    # 8 Header               8 Header
    # 8 File Size            8 File Size
    # 8 Deleted timestamp    8 Deleted timestamp
    # 8 File name Length
    # var File name          520 File Name

    # Windows 7
    header, file_size, timestamp, file_name = struct.unpack("=1q1q1q520s", i_file_bytes)

    file_name = file_name.decode('utf-16')

    # Remove end of lines chars
    file_name = file_name.replace("\x00", "")
    csv_file.write(f"{file_size}, {timestamp}, \"{file_name}\"\n")

csv_file.close()

renamer.py

from pathlib import Path
import struct

path_to_i_files = input("Path to $I files: ")

i_dir = Path(path_to_i_files)

i = 0
for file in i_dir.glob('$I*'):
    i_file_bytes = file.read_bytes()

    # Windows 10             Windows 7
    # 8 Header               8 Header
    # 8 File Size            8 File Size
    # 8 Deleted timestamp    8 Deleted timestamp
    # 8 File name Length
    # var File name          520 File Name

    # Windows 7
    header, file_size, timestamp, file_name = struct.unpack("=1q1q1q520s", i_file_bytes)

    file_name = file_name.decode('utf-16')

    # Remove end of lines chars
    file_name = file_name.replace("\x00", "")

    # New path
    # FIXME: Path with f-strings - its a crutch?
    recovered_name = str(Path(file_name).stem) + f"_{i}" + str(Path(file_name).suffix)
    new_path = Path(f"{file.parent}\\{recovered_name}")

    i += 1
    print(i, file.name, recovered_name, end=" ")
    try:
        Path(f"{file.parent}\\$R{file.name[2:]}").rename(new_path)
        file.unlink()
        print("| renamed and remove $I file")
    except Exception as e:
        print(file.name, e)