How Does NTFS Recovery Work?
The NTFS file system is a proprietary system native to Windows XP, Windows 2000, Window 2003, Windows NT, and Windows Vista known for its high-performance, self-healing properties, file-level security, compression, and auditing.
The FAT (File Allocation Table) file system is an older, simpler file system that was designed for smaller disks with simple folder structures. The File Allocation Table contains a list of each file and its address on the disk drive.
Instead of using a File Allocation Table to store information about files, an NTFS volume keeps information about each file in a Master File Table. Each record in the table contains information about the file a mirror record should the original information become corrupt. A log file is also contained in the record which is used for NTFS recovery. In addition, cluster remapping is a technique used by NTFS to minimize the effects of bad sectors.
Basic, automatic NTFS recovery is built into the file system itself. Should a disk failure occur, the NTFS recovery routine kicks in. The NTFS recovery procedure accesses the information that is stored in the log file. Whenever the computer is restarted after a failure and a program tries to access the NTFS volume, the NTFS recovery processes is automatically started.
Cluster remapping occurs when a bad sector is detected. This NTFS recovery technique can result in data loss if the error occurred during a read operation. When a bad cluster is detected, NTFS remaps the cluster and allocates a new cluster for storing the data. It also records the address of the bad cluster in a "bad cluster" file so that the bad cluster isn't used again.
Transaction logging is another NTFS recovery procedure which involves logging all I/O operations that modify system files. During an NTFS recovery, each transaction in the log is redone to ensure the integrity of the volume structure. After a system failure, all system files remain accessible however data files are not protected and can be lost.
With all these NTFS recovery routines taking place automatically, you would think that data loss can no longer occur. While the NTFS file system is much improved over the FAT file system, it's not perfect and data loss does occur such as during a system failure as described above. You can't rely on mirrored records in the Master File Table and automatic cluster mapping as a replacement for regular backups. In addition, Master Boot Record and boot sector corruption can make the data on the NTFS volume inaccessible.
Fortunately, if your NTFS volume has gone through an NTFS recovery routine and your data is lost, hope doesn't have to be lost as well. Many data recovery software utilities are designed for NTFS recovery.
Time is of the essence though. It's critical that you stop all computer operations and do not do anything that will alter the NTFS drive or your data could be permanently overwritten. Use a reliable NTFS recovery utility that boots from a floppy or CD and retrieve your data before it's gone for good.
