Não, a menos que a auditoria correta tenha sido configurada anteriormente.
For the system:
Advanced Audit Policy, Object Access, Audit File System (Success and Failure)
For the directory:
Advanced Security Settings, Auditing, Everyone - Delete (All)
Com os configurados, você verá a ID de evento 4660 An object was deleted
e a ID de evento 4663 no log de segurança:
An attempt was made to access an object.
Subject:
Security ID: DOMAIN\USER
Object:
Object Name: C:\share\one
Access Request Information:
Accesses: DELETE