Data recovery for the rest of us

When was the last time you accidentally deleted an important computer file? If you’re a digital forensics wiz, you may have been unfazed by the loss, knowing that you could follow a simple procedure to recover the missing information: Simply shut down your computer, remove the hard drive, install it onto another computer, make a 100 GB bit-for-bit image of it and then scan every byte until you find the lost .doc, .jpg or MP3.

If you’re not a digital forensics wiz, then a new tool developed by two Northeastern University graduates — Keith Bertolino, E ’08, ME ’09, and Matthew Kowalski, BA ’08 — may be exactly what you need.

FoRCE, or Forensic Recovery Carving and Extraction, allows any user — or, as Bertolino put it, “your grandmother” — to recover deleted text, images and other data files from their computers, and would be the first program capable of recovering deleted data files from running machines.

The computer wizards, who launched a digital forensics consulting firm in 2006, are attempting to bring the tool to market in the next six months with help from IndieGoGo, the world’s largest global funding platform. Financial contributors have the opportunity to receive a discounted version of FoRCE in about a month.

The tool has mass appeal, Bertolino said, from home users looking to recover their own files to big corporations looking for illicit activity on their complex systems. Other potential users include local law enforcement departments that don’t have the funds to employ trained forensic examiners or purchase the expensive tools currently available.

IndieGoGo will provide both the initial funding for the project and market research that would help identify the most interested users. “The thought is that the backers will be representative of the market space,” Bertolino said.

FoRCE, he said, stands apart from its competition in at least two important ways. For one, the tool would be sold as a stand-alone product, unlike current so-called “carving” tools, which are embedded in larger software packages that provide a variety of forensic tools along with data recovery. FoRCE is also a “live-box” tool, meaning it can operate on running systems, without the need to shut down the computer or take a digital picture of the hard drive.

“If a company gets hacked into, and they have huge data servers, it’s no longer feasible to completely shut down,” Bertolino said. “You need to be able to do forensics on something that’s running.” This live-box approach is now standard practice in most digital forensics applications, except for data recovery.