On a Windows computer, everything related to a users preferences in Windows explorer are kept in a file known as a Shellbag.
A Shellbag stores data such as what sort order the files are in and whether icons, lists or details are displayed. Accordingly, you can determine whether a folder has ever been accessed by a user, and what some of their preferences are.
In an investigation, key information is extracted from the Shellbag allowing an analyst to see what folders have been visited by a user and when a file/folder was last modified. In some cases historical file listings can be found even after a folder has been removed. These artifacts can then be pieced together to form a timeline of user activity.
Forensic Tech 