I did about the dumbest thing that can be done by someone who considers himself computer savvy. I deleted an entire folder of important data. This folder had many child folders. All of these folders were full of important files for me.

Don’t do this!

I won’t bore you with the details of this long, dumb story, but it had to do with a small batch file intended to delete all files and folders in a parent folder—which on Windows isn’t very easy. Thanks to StackOverflow I found this small batch file:

When a target folder is passed to this batch file, its contents are removed. It’s worked like a champ for a couple of years for me. However, the other day I discovered that if you run this batch file, without passing it a target folder, it, like a faithfully, silly puppy, tries its best to make you happy so it simply starts deleting folders at the root!

While this batch file has served me long and successfully in the past, I had never tested its edge cases. The other day I paid the price of that indiscretion.

At least someone knows what he’s doing

Luckily, for me, we have a superb network administrator and about a year ago he deployed and configured a network-based backup that runs in the backgrounds and keeps all of our important data safe.

When I realized my data was missing, I ran to his office and ask him about the backup. He said, "Yep, it’s running and working. Which folder do you need?" As he talked, he pulled up the backup software’s restore screen. My precious folder wasn’t there! He had told me, months ago, what folders were being backed up and if I needed others added to the list to let him know. Argggggggggggggg!

Panic sets in

On the walk back to my office (no running this time!), I pondered my options. And slowly started to realize that I had added several important things to that folder since my last backup. Panic, and depression, were setting in.

A quick check of the recycle bin showed nothing of value. I assume this is because the deletes took place in a DOS command box. No matter, really, though, because nothing was there.

The machine on which this data loss occurred is a virtual machine. Knowing that any disk-write activity could overwrite clusters of my now-deleted data, I shut the VM down. From the host I mounted the virtual machine’s VHD file as a read-only drive on the host. If you’re not familiar with the ability to do this, it is often a very handy thing to be able to do! I now had read-only access into the file system of my VM.

Active Undelete to the rescue

I’ve used undelete utilities before, but with only partial success. Low-end, free restore utilities generally aren’t able to restore folder structures. Rather, they restore deleted files to a single folder, all with auto-generated file names. It isn’t pretty and it’s only for the very patient. I needed something better.

After several minutes of Googling, I settled on Active Undelete. It was only $45 US, and claimed to restore folder structures along with the deleted files. With low expectations, I quickly read the instructions and fired up Active Undelete. After about a 15-minute scan of the mounted drive, it showed an indented tree of all of the folders and files it could restore—all of which were marked as "excellent" for the chance of successful recovery. I attribute this to getting out of the VM as quickly as possible and being able to use another computer on which to do the data recovery. Had I made my mistake on a physical PC I would have probably removed the drive and put it in other PC to ensure cluster integrity of the deleted files.

Active Undelete is available in three editions: Standard, Professional, and Ultimate. I purchased the Professional edition (because I might also need to do some boot sector recovery) but I am pretty sure that the Standard version would have also successfully restored my data. 

That was close

In less than hour, Active Undelete delivered on its promise. After a week, I’ve not noticed anything missing that should have been recovered. I think I’m gonna be OK! Thank you, Active Undelete.

Did I learn anything?

You bet. Here’s what I’m doing differently from here on out: