Windows

Review: Recover files with NTFS Walker

NTFS Walker is a portable application that contains its own NTFS drivers that allow it to "walk through" the entire file structure, bypassing the need for the Windows operating system.

The ability to recover deleted files from an NTFS file system is something any good consultant should have in their back pocket. This also applies to the ability to recover files from a machine that has been rendered unbootable. There are plenty of tools available for that task, but few of them are as simple as the free tool NTFS Walker.

NTFS Walker is a portable application (it can be used from a thumb drive) that contains its own NTFS drivers that allow it to "walk through" the entire file structure, bypassing the need for the Windows operating system. Once NTFS Walker has read your system it will then allow you to view every record on the file system's Master File Table. And when you view a record you can actually get very detailed information about the file to be recovered.

Specifications

Who's it for?

NTFS Walker is an ideal tool for anyone who needs to perform file recover or data forensics. This is especially true when having a portable tool can make your job not only easier, but possible. But don't think NTFS Walker is just for forensics specialists. This tool is a viable solution for anyone that needs a quick solution for file recovery - even from deleted files.

What problem does it solve?

NTFS Walker enables the user to recover files that have either been deleted or exist on a hard drive that is not bootable but the file system is still readable. And to make this tiny application even more versatile, it is portable so it can be run from a thumb flash drive.

Key features

  • Simple to use interface
  • Included NTFS drivers
  • Save recovered files to external drive
  • Preview window allows you to view images and files with contextual data
  • View file hex data in preview pane
  • Recover deleted files
  • Extended partition support coming in future releases
  • Check modification dates of files
  • Deleted files clearly marked with red X

What's wrong?

There is a pretty nasty bug in the application that applies if you are trying to recover files from a thumb drive. If you scroll to the very bottom of the file listing on such a drive you will start getting a seemingly infinite amount of access violation warnings. Once this happens you might as well manually shut down your machine and start all over.

Competitive Products

Bottom line for business

This tiny, free application can really be a life saver in the event of a hard drive that won't boot or the deletion of critical files. And with it's simple to use interface and portability you'll be hard-pressed to find a competitive tool at the same cost. Any consultant or admin should seriously consider making NTFS Walker a regular part of their tool kit. Just don't use this tool to recover files on flash drives or you'll find yourself doing more hard shutdowns than you prefer.

User rating

Have you encountered or used NTFS Walker? If so, what do you think? Rate your experience and compare the results to what other TechRepublic members think. Give your own personal review in the TechRepublic Community Forums or let us know if you think we left anything out in our review.

Read our field-tested reviews of hardware and software in TechRepublic's Product Spotlight newsletter, delivered each Thursday. We explain who would use the product and describe what problem the product is designed to solve. Automatically sign up today!

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

19 comments
ndveitch
ndveitch

I have been using Hiren's BootCD for the last 3 years and it has helped me out of a few problems. Whenever I have an issue with a drive, I simply pop the Hiren's disk in the drive and boot to the Mini-XP window and usually I can view the drive. The mini-XP is really just a Linux boot with a XP skin. I find it very useful and fairly user-friendly. The only problem I find with Hiren's is that it is always a bit of a mission to get the latest version, but once I have it and set it up on a bootable disk, it is one of my first line defense tools when trying to figure out what is wrong with a users system. The tools that Hiren's has listed in it are all extremely useful and the range of tools I find very adequate for troubleshooting and general PC maintenance.

TechRabbit
TechRabbit

This would be a heck of a lot more useful with a search function. Not even a simple sort option? Really?

eryk81
eryk81

I normally use the Sleuth Kit to file recovery but I'll give it a try and see how it goes.

user support
user support

It is our organization's policy to save files to shared network drives as they are backed up daily. Any files lost due to hardware or software issues that are saved locally are the user responsibility. For our remote users we have moved to Citrix servers. In those rare times for remote users when they had connectivity issues and they saved files locally, we will run file recovery software if the hard drive can still boot. We use White Canyon or PC Tools software. If the hard drive doesn't boot, you get a new hard drive installed and a fresh installation. End of story!

sammy.mah
sammy.mah

Can you do an NTFS recovery with this? Does it support RAID setups? TRD has saved me lots of times, and I now will keep this on me at ALL times.

gechurch
gechurch

TestDisk (free) is my favourite tool. It's not as simple to use (no gui) but it was able to recover files when no other tools I used could. And I've tried quite a few tools across the years - probably 20. There are about 7 that I keep with me and use regularly that cover my different needs (file systems, CDs, memory cards etc). TestDisk is my favourite because it also lets you search for and re-write the partition table. Also, it doesn't rely on the bad drive having a drive letter (as a surprising number of these tools do). I also like EasyRecovery (I normally use this when I need to recover files of a certain type. It's especially good because it lets you define your own file signature, so you can recover files of an uncommon/proprietry format). It's not free though. Zero Assumption Recovery is also a good tool, which few people seem to have heard of. It saved my bacon once when I had tried all my other tools without success. It's not free, but tools in this category only have to save you once to more than pay for themselves. Out of interest - what's the advantage of the NTFS driver in NTFS Walker? You state that it "bypasses the need for a Windows operating system", but the program only runs on Windows anyway! I assume you mean it can be read without relying on Windows to read the MFT on behalf of the software?

frank.doyle
frank.doyle

Forgive my stupidity, Once I have installed and opened the file "NTFSWalker" and selected a drive or partition, How do I use the info displayed on the screen to enable me to "Recover files". I have opened "NTFSWalker" and do not see any obvious way to identify specific deleted files, Yes, they apparently have a red X but most have numerical names. Please explain how to use this utility in more detail Thank you Frank You have "perked" my interest.

alan
alan

When I plug my thumb drive into my laptop then Windows XP on my HDD allows me to select and run any portable program on the thumb drive. When my Laptop is unbootable and I plug in my thumb drive, how do I select and run this portable tool ? Does it include its own DOS or Linux O.S. so it can claim "bypassing the need for the Windows operating system" ?

swapnil.jaiswal
swapnil.jaiswal

recuva seems much better and atleast misted a lot more files than this tool did.. and unlike the other tools you listed here, it is free.

basil.cinnamon
basil.cinnamon

Recovering a file is helpful, but sometimes a machine won't boot because of a damaged file; it would be great to be able to overwrite a damaged file with a good copy and thus re-enable booting. Anything out there for this purpose?

Mark W. Kaelin
Mark W. Kaelin

What tool do you use to recover files? Would you recommend it to your peers?

GreatZen
GreatZen

The question is: "What tool do you use to recover files?" And your answer is "file recovery software if the hard drive can still boot."

GreatZen
GreatZen

You need to boot from USB (or CD/DVD/BluRay) to some other working OS to use NTFS File Walker. Search for "make a bootable USB drive" or even better if you have Windows 7, it includes handy tools for making USB devices bootable (if your hardware supports it). Search for "make a bootable USB drive with Windows 7" and go from there. If you need/want to boot from disk media, which is often necessary, BartPE is a good choice. Or, you can use Ultimate Boot CD which includes a large set of recovery and diagnostic tools. There is also a BartPE based UBCD4Windows. If you need recuva or NTFS File Walker, you can customize the disk (using the instructions on the UBCD or UBCD4Win site). Keep in mind that much hardware older than 2 or so years doesn't support booting from USB. Additionally, you odten need to have the USB device in the computer, then go into, then add the particular device to the boot order just as you would a new drive of any other type. Some systems that have a "Boot Menu" hot key (such has most major vendor systems) like F12 will allow you to boot to a USB Key/Drive without having to alter your boot order in the BIOS. Booting to CD media is far more universally applicable (and has the added security of being read-only media) but USB is MUCH faster and has the added benefit of being able to save files to the bootable drive. Good luck!

mik3
mik3

A Knoppix Live Boot CD or DVD will mount NTFS Drives and will allow you to copy, move, delete and overwrite files. I recommend you get the version 5.3.1 DVD iso and burn it to a DVD yourself. The NTFS drives\volumes are shown on the booted Knoppix desktop as unmounted icons by default. You right-click them and choose Mount. They are normally mounted as read-only, but there is another right-click choice on the mounted Icon that allows you to make them writeable! BTW the Knoppix Live DVD is a pretty good Recovery solution itself!

gechurch
gechurch

Generally this is a bad idea. For the best chance of recovery you want to stop using the disk. If you continue using it, new files can overwrite deleted files that you wanted to recover. It sounds like you just want to take a working copy of a boot file and replace a corrupted version of the file on an otherwise good disk? If that's the case you don't need recovery software. Just boot from a CD that can write NTFS, or (usually) even easier - pull the drive and plug it into another PC.

Spitfire_Sysop
Spitfire_Sysop

Of course! It's called a "Recovery Disk": http://www.nu2.nu/pebuilder/ This one is based on the winPE or "Pre-installation environment". It's the same system that you boot in to when doing a standard XP install. It has full GUI functionality and makes interacting with a dead OS simple! It's free, all you need is your original install disk and this application makes a custom ISO just for you.

Chug
Chug

I'm really confused on this too. The program runs under Windows, so it's a Windows program. Can I create a DOS bootable CD or USB drive (of which I already have several) and run NTFSWalker under that, or does it have to be a "Windows" variety bootable CD like a BartPE (which I am familiar with but are much more difficult to create than a simple "DOS" bootable disk)?

GreatZen
GreatZen

For one thing, "flavors" of Windows are different OSes. Additionally, there are a wide variety of more exotic methods of booting a windows partition/image from a LiveCD/BootUSB such as using a virtual machine. I merely included the phrase so as not to be overly specific to the point of being wrong. Its kind of how we teach kids "this can't be done" and then when they get to college we say "So we sort of bent the truth. It can be done but only with these preconditions." I was trying to skip the part where I lie to you at the beginning to simplify the explanation. Finally, as far as I can tell, it's a Windows only program. In the world of shiny red warning signs, it has two public versions, which were released on consecutive days, and hasn't been updated in more than a year and a half. I typically recommend Recuva from the same guys (Piriform) who write some other famously simple yet effective free tools such as CCleaner (the "standard" free registry cleaner") and Defraggler (a defrag tool that allows defrag of single files... like say a QB company file).