Deleted data by mistake? Here's how to get it back
Davey Winder offers some timely advice on what to do if you accidentally delete some important data
Data deletion can be caused by all sorts of unexpected, events: sudden hardware or software failure, malware activity and, perhaps most commonly of all, simple human error.
Some examples of the latter I have experienced have included accidentally reformatting a laptop drive, tripping over a wire that pulled the power lead out of a desktop machine and corrupted the data being written at the time, and - most common of all - deleting the wrong file or directory.
Avoiding human error is, quite frankly, all but impossible as we all make mistakes. Avoiding the potentially costly impact of deleting important data is not only possible but absolutely imperative in terms of business continuity.
Planning ahead is the most valuable mitigation strategy, and includes the obvious process of backing up your data. Quite apart from the immediate interruption to your business processes and stifling of cash flow, consider the cost in man hours of manually reconstructing the lost data.
So think of data backup as insurance, with recovery of your business information the pay-out after an accidental loss. And the best news: it's much more affordable than many businesses think.
Traditionally, there have been three main data backup options: tape, direct attached storage (DAS) and network attached storage (NAS). These days you can also add cloud to that list.
Tape still has a place as an off-site system for the less time-critical data volumes, and is relatively inexpensive when compared to DAS but positively exorbitant when sat next to the average cloud backup scheme. NAS is also still relevant, particularly for small companies, thanks to it needing less dedicated on-site IT resources. However, it could be argued SMBs can get the same benefit at less cost (and some would argue with greater resilience) by using the cloud.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Clouding up
The kind of data you have will determine your backup strategy as much as the size of your budget. Data, which changes by the hour, should be backed up by the hour. Data that is of vital importance to the business should be recoverable in as close to real-time as possible, and an organisation which is experiencing rapid growth should have a backup system that can be efficiently and economically expanded to accommodate it.
All of these things point increasingly towards the cloud, at least from the end user perspective. Your organisation will simply see a web browser-based interface for administrating the sending and retrieval of data to and from the cloud, but your data will be physically stored within a secure datacentre of the kind you are highly unlikely to afford to run yourself.
So the advantages of using the cloud for backup are obvious enough: if the office is closed by flood or fire, your server crashes and all seems lost, the cloud enables you to access your mission-critical data from a laptop and keep your business running as if nothing had happened.
From the cost perspective, there are no requirements to purchase and maintain any additional hardware infrastructure. But what about the downsides? Can you trust the cloud if disaster strikes? The question of cloud security has, for all intents and purposes, been answered in the affirmative; done with due diligence the cloud is as secure as any other data store.
There's also a good argument to suggest that because the cloud provider has invested in the kind of resilience at all levels, from power and cooling through to standby servers, there is less chance of hardware failure than within the average organisation.
Even if you don't consider cloud to be a fully blown disaster recovery solution, it does have another trick up its sleeve: as a 'hot and cold' file store. You can stack versioned copies of business critical files in the cloud and recovery them in real-time should an accidental deletion occur on the organisational hardware.
But what about when, for whatever reason, you don't have a current backup - even a hot and cold cloud copy? Is everything lost, both figuratively and literally? The answer is possibly, but probably not truth be told.
Data recovery is usually possible, although it doesn't come cheap if you need to outsource it to a specialist contractor with the kind of clean room facilities required when dismantling hard drive platters or the in-depth understanding of getting data from a damaged SSD drive flash memory chip. What you should, and just as importantly shouldn't, do in terms of data recovery depends entirely on the kind of mistake that has deleted the data in the first place.
If the human error involves the death of your storage drive, then a knee-jerk reaction involving downloading software to recover your files is almost always a bad idea because you quite simply cannot know the full extent of damage to your drive and to the data upon it. A little knowledge, in such circumstances, is a very dangerous thing; especially if you want a data rescue outfit to be able to recover anything meaningful.
There is a chance it may work, for sure, but if the data is valuable then that chance is not worth taking when balanced against the risk of corrupting it further. The single most important rule when faced with a drive failure is don't try to use that drive again, don't try to reboot it and - if it does mount - do not copy any data from it.
Any of these actions could compound the damage to the point where what is forensically recoverable isn't practically usable. Instead, best practice is to turn off the computer/server and swap the disk out at once before calling in the data recovery experts.
If your drive is perfectly functional, and the cause of data deletion is user error, then things become much simpler. For a start, there is a reason why IT security people place such an emphasis on the secure erasing of decommisioned drives; simply deleting, or even reformatting, a drive does not actually destroy the data, it just makes it less visible.
Time is of the essence, however, because while your data will still be there the filesystem will have given instructions that the space it occupies can be reused and there is every chance that chunks of your files will be overwritten quickly enough. Indeed, it's this over-writing methodology that is most commonly used to 'shred' data when disposing of a drive.
Overwrite the data enough, with appropriate amounts of new and random data, and the original becomes all but impossible to recover in any meaningful or affordable way. This is all good news because there is are a plethora of software out there that will do the reverse of the shredding thing, and pull your data out of the smoke and mirrors storage and make it visible again.
A scan of the drive or directory is all that is needed, and can take anything from a few minutes to a few hours depending upon the size involved, and a list of recoverable files will be returned. You are then just a mouse click away from getting your data back.
Whether it is returned to you in one piece or not will depend on what you have done between deletion and scanning for recovery. Just as the warnings about not using a damaged drive for fear of doing more damage, so the very act of installing the recovery software can overwrite some or all of the data you were hoping to recover.
There are two ways to avoid this face-palming scenario and that's to either use an online service which doesn't require installation or to have the software already installed. Both come back to a point I've made before: the real solution to recovering erroneously deleted data is to plan well ahead. Be prepared for when disaster strikes and you stand more chance of recovering what has been loss and less chance of having a stroke.
Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.
Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.
You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.