Microsoft has released Sysmon, or System Monitor, a Sysinternals tool that is designed to monitor systems for malicious activity and log events to the Windows event log. With the release of version 11, it can now monitor for file deletions and automatically archive files when they are deleted. This allows administrators to detect malicious activity occurring on their network after they are breached or to perform incident response and digital forensics to learn more about how an attack took place. This tool is extremely useful for incident responders when performing digital forensic or mitigation of security breaches.
Source: https://www.bleepingcomputer.com/news/software/microsoft-releases-sysmon-11-with-auto-backup-of-deleted-files/