In recent years, we’ve seen a large number of tools marketed as data recovery solutions. However, when testing some of these tools, we discovered that not all of them are fit to the job. The major differentiating factor is the type (or types) of data recovery algorithms used in these tools. But first let’s look at what happens when Windows deletes a file.
Contents
Why undeleting is possible
In Windows (and many other operating systems not using encrypted file systems or other secure containers) deleting a file does not mean its actual content is overwritten (the exception here would be SSD drives, which are a special story). Instead, Windows simply marks a file system record belonging to that file as “deleted”. Effectively, this releases the disk space that was used by the deleted file back into the pool of free space. From now on, Windows can claim – and use! – that space to store information belonging to any other file. Using the released space to store a different file will effectively overwrite the original content and make subsequent recovery of the original deleted file impossible.
However, that usually does not happen immediately. With large hard drives, Windows optimizes its write operations by writing new data into the biggest chunks of free space. This helps avoiding fragmentation and allows files to grow without fragmenting. As a result, disk space belonging to a deleted file may sit on the disk unused for a very long time. The original content of the deleted file will be available for recovery if you use the right tool.
Undelete using the file system
The way most file recovery and undelete tools work is scanning the file system for records pointing to deleted files. By analyzing these records, an undelete tool can find out which physical blocks or sectors on the disk belong to the file that has been deleted, read information from those blocks, and save the original file.
Or at least this is how data recovery tools used to work. Today, we have the option of using another algorithm in addition to (or in place of) the file system. Read How Data Carving Works to find out.
Frequently Asked Questions
Yes, it is possible to recover deleted files if they have not been overwritten by new data.
Stop using the disk (create an image) as soon as the files have been deleted and use the professional data recovery software RS File Recovery to recover the deleted files.
This greatly depends on the capacity of your hard drive and your computer's performance. Basically, most of hard disk recovery operations can be performed in about 3-12 hours HDD 1TB in normal conditions.
If the file does not open, it means that the file was damaged or corrupted before recovery.
Use "Preview" to evaluate the quality of the recovered file.
When you try to access the drive, you get the message "Drive is not accessible" or "You need to format the partition drive"
Your disk structure is corrupted.
In most cases, the data may still remain available. Just run the data recovery software and scan the desired partition to get it back.
Please use free versions of programs with which you can analyze the storage and view the files available for recovery.
You can save them after purchasing the program - you won't need to scan it again.
