by jeroenhd 1137 days ago
It should be noted that files can often be recovered if you notice soon after accidentally deleting them. You need a file recovery tool that understands your file format (Recuva is a pretty good free tool) but you can save yourself hours of work if you act quickly.

These tools rely on the fact that Windows (and most other operating systems) doesn't zero out the filesystem when deleting files. This means that the file contents are still there; all you're really missing is the reference to the file contents.

As long as the disk doesn't get overwritten, the files can be saved. The more surefire way to recover files is to stop writing to the drive as soon as you notice your mistake. If you want to use your existing OS for file recovery (much easier, but less likely to succeed), you will need to kill any running program and start a recovery program as soon as possible. Chances are you can't mark the drive you saved the file to as read-only, so speed and luck are essential. It helps to have a file recovery tool installed already, so you don't have to download and install one, which would increase the probability of overwriting your precious file contents.

Using easy tools like Recuva and some other paid software, you can often get files back, not only from the original location but also temp files that may have been left behind during editing.

The most reliable way I know involves a Linux recovery disk. It's not exactly beginner friendly, but even moderate knowledge of Linux and the command line can save you hours of work.

The most surefire way I know to recover files is to kill the machine (pull the plug, hold down the power button, etc., so the shutdown process can't write any new files) and to boot into a live Linux distro packing recovery tools. Kali has a bunch, but there are others as well. Make sure not to mount the drive read-write (you probably can't get it to mount automatically after a forced shutdown anyway) so it doesn't corrupt your files and then run recovery software.

TestDisk [1] can often find deleted files, though it's built to recover partitions more than it was made to recover files.

ntfsundelete [2] is a command line tool that was made to find files that were likely to be deleted. It's especially useful if you know the name of the file you're trying to recover.

foremost [3] and its fork scalpel [4] are command line forensic recovery tools originally written by a member of the USAF Office of Special Investigations. They're not as well-maintained as some other tools, but they're very versatile if your file format may not be recognized by other tools.

Finally there's The Sleuth Kit [5], a file recovery tool that will run from Linux leveraging other file recovery tools as well as its own forensic recovery tools, bundled together with a nice GUI. This too was designed for forensic analysis more than anything, but the GUI can help avoid tedious command line work.

With bigger files this becomes harder, because the file may be fragmented and because the larger the file, the higher the probability that new files have been written on top of the old file contents.

For BitLocker encrypted drives, you'll need to use a tool like dislocker [6]. Make sure to mount data read-only though, because BitLocker is proprietary and reverse-engineered tools have a habit of corrupting data when writing to disk.

[1] https://www.cgsecurity.org/wiki/TestDisk

[2] https://linux.die.net/man/8/ntfsundelete

[3] https://foremost.sourceforge.net/

[4] https://github.com/sleuthkit/scalpel

[5] https://sleuthkit.org/index.php

2 comments

I upvoted this response. It is very thorough and clear. (I can't attest to the veracity of the content but it seems quite logical.) I just wanted to say thanks for writing this. Clearly, these approaches, as you say, are not exactly beginner friendly, but it is great to know that they exist.
I can testify to Recuva being good for this issue. My daughter deleted all files on a camera SD card 2 days ago. Popped it out right away and applied Recuva on it. It recovered all the pictures as my daughter didn't take any pictures after deletion.
There is one more thing that you can do after unplugging your machine: image the whole disk to another one, and try recovery methods on that one. So even if you mess something up, you can try and try again.
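The thread above makes two points worth seeing in code: deletion only drops the reference while the data stays put (so metadata-driven tools like ntfsundelete and signature carvers like foremost/scalpel can both find it), and any recovery should run against an image of the disk rather than the live device. The following is an added example, not code from the post, the commenters, or any of the tools they name. It models a toy "disk image" with an invented directory layout (the `ENTRY` struct, the 8-slot directory and the file names are all made up for illustration; only the JPEG and PNG header/footer signatures are real). It then shows a metadata-based undelete beside a raw signature carve, including the failure case the post warns about: a deleted file whose space has since been reused.

```python
"""Toy model of deleted-file recovery.  Added example, not from the post or from
ntfsundelete/foremost/scalpel.  The on-disk layout is invented; the only real
parts are the JPEG and PNG signatures used for carving."""
import struct

# Invented directory entry: in-use flag, 12-byte name, data offset, data length.
ENTRY = struct.Struct("<B12sII")
MAX_ENTRIES = 8
DATA_START = ENTRY.size * MAX_ENTRIES  # 8 * 21 = 168 bytes of directory

# Constructed sample contents: valid framing only, not real pictures or notes.
JPEG = b"\xff\xd8\xff\xe0" + b"J" * 40 + b"\xff\xd9"
PNG = b"\x89PNG\r\n\x1a\n" + b"P" * 30 + b"IEND" + b"\xae\x42\x60\x82"
NOTES = b"meeting notes: call the bank on Monday\n"
REPLACEMENT = b"shopping list: milk, eggs, bread\n"  # written after the delete

# Real header/footer pairs for two formats a carver like foremost recognises.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
}


def build_image():
    """Return a toy disk image in which one file was deleted cleanly and another
    was deleted and then partly overwritten by a later write."""
    files = [(b"photo.jpg", JPEG), (b"notes.txt", NOTES), (b"logo.png", PNG)]
    directory = bytearray(DATA_START)
    data = bytearray()
    for i, (name, content) in enumerate(files):
        offset = DATA_START + len(data)
        directory[i * ENTRY.size:(i + 1) * ENTRY.size] = ENTRY.pack(
            1, name, offset, len(content))
        data += content
    image = bytearray(directory + data)

    # "Delete" photo.jpg and notes.txt: only the in-use flag is cleared.  The
    # data bytes are untouched, which is exactly what recovery tools rely on.
    for i in (0, 1):
        image[i * ENTRY.size] = 0

    # Keep using the system: a new file lands where notes.txt used to live.
    _, _, notes_off, _ = ENTRY.unpack_from(image, 1 * ENTRY.size)
    image[notes_off:notes_off + len(REPLACEMENT)] = REPLACEMENT
    image[3 * ENTRY.size:4 * ENTRY.size] = ENTRY.pack(
        1, b"list.txt", notes_off, len(REPLACEMENT))
    return bytes(image)


def undelete_by_metadata(image):
    """ntfsundelete-style recovery: walk directory entries whose in-use flag is
    clear and return the bytes they still point at.  Works by name, but trusts
    the stale pointer, so a reused area comes back as whatever overwrote it."""
    recovered = {}
    for i in range(MAX_ENTRIES):
        flag, name, offset, length = ENTRY.unpack_from(image, i * ENTRY.size)
        name = name.rstrip(b"\x00")
        if flag == 0 and name:
            recovered[name.decode()] = image[offset:offset + length]
    return recovered


def carve(image, signatures=SIGNATURES):
    """foremost/scalpel-style recovery: ignore the filesystem and scan the raw
    bytes for header/footer pairs.  Needs no metadata, but only finds formats
    with known signatures and only reassembles unfragmented files."""
    found = []
    for kind, (header, footer) in signatures.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header))
            if end == -1:
                break
            end += len(footer)
            found.append((kind, pos, image[pos:end]))
            pos = image.find(header, end)
    return found


if __name__ == "__main__":
    img = build_image()
    for name, data in undelete_by_metadata(img).items():
        print(f"undelete {name}: {data[:20]!r}...")
    for kind, off, data in carve(img):
        print(f"carved {kind} at offset {off}, {len(data)} bytes")
```

Run against the constructed image, the metadata walk brings `photo.jpg` back intact but returns `notes.txt` as the shopping list plus a tail of the old notes, which is the "new files written on top of the old contents" case from the post; the carver finds the JPEG and PNG by signature alone and would do so even if the directory had been wiped. On a real drive you would feed `carve` a copy made with dd or ddrescue, opened read-only, rather than the live device, which is the last commenter's point: the image is the thing you can afford to get wrong.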