Basically, because "normal" recovery products such as Recuva won't find anything that is recoverable. If those products or one of the many similar ones is present you can also look at the settings to see what was erased and how it was done.
How would Recuva help then?
Roadkil is what I use as a last resort as it basically searches the whole drive at a very low level and tries to recover any file or part of a file that it can. It takes a very long time to run and you need a recipient drive the size or bigger than your target drive. I use it when I think that the HDD is about to die, as I will probably only get one chance at recovery.
Can i choose the specific folder the pictures were in to recover the pictures with Roadkil?

The Page File is a Windows system file that it uses for a variety of mysterious things. You normally cannot access it if you have booted Windows on that machine as it is locked when Windows starts. In XP look for pagefile.sys in C:\ (that is the root of C) and in C:\Windows. If you look in Control Panel and Advanced Settings you can see how it has been set up. I think that the default is to one or other of those two locations depending on whether you let Windows manage it or you assign manual values. You can also direct it to another HDD if you want.

If you are going to look at Windows system files, then it would be advisable to have the drive or image slaved to another computer, or use a live CD/DVD. Windows locks a lot of files when it starts.
Can i copy and paste pagefile.sys files and read it on another computer? How?
Where in Control Panel and Advanced Setting do you set it up?

It might be or it might simply be held in RAM. It might also be encrypted
How do i find the email password in the Page File or RAM? If it is encrypted, can i decrypt the password?
It is normally a part of the file itself that you don't see when you open it with its proper application.

To demonstrate this; get a small Word document and open it in notepad.
Where do i find those metadata files? What can i find in those files?

Possibly The Registry, but as I have suggested the last opened and last modified are more common metrics.
Where do i find how many times a file has been opened in the Registry?


Cluster tips are the unused part of clusters on your HDD. Say your clusters are 4KB and you save a 6KB file, it will use 2 clusters and the 2KB that isn't used will contain previous data. That is, it will not be overwritten.

Alternate data streams are another place where sensitive data may hide.
Where do i find them and how do i use them?
As a start I would suggest that you look in the recycle bin, then open the web browser and look at history and "favourites" or "bookmarks" also look at the backup files for them.

Also look to see if there has been a system backup.... this would typically create a backup of user files and folders.
Where do i find the backup files for history,favourites and bookmarks?
Where do i find the system backup files? and how do i open and see what is in those files?

Thanks