I just accidentally deleted 4400 text files (1.5GB) on an NTFS volume that's probably heavily fragmented, although these files were created in a particular sequence. The files contain long columns of numerical data. If the undelete program takes one cluster from one file and another from some other file, there's basically no chance to detect it by taking a look at the files or even using a program that I could write. There are plenty of possibilities how this can go unnoticed.
So my question is: Is undelete on NTFS reliable? I mean, can I rely on the files being recovered as they originally were, with correct sequence of clusters and not mixing clusters from different files together? In the old DOS and FAT days, DOS deleted files by changing the first letter in the name to ? and then marking all of its clusters in FAT as unused (which overwrote there sequence), so you had to guess which clusters belong to the file and their sequence. Is this true for NTFS or is NTFS more advanced and can mark clusters as unused without forgetting the sequence (by changing an extra bit for the cluster being used/unused, but not changing the ID of the next cluster)?
Thanks a lot. If you know a good undelete tool, please recommend it.