When was the last time you accidentally deleted an important computer file? If you’re a digital forensics wiz, you may have been unfazed by the loss, knowing that you could follow a simple procedure to recover the missing information: Simply shut down your computer, remove the hard drive, install it onto another computer, make a 100 GB bit-for-bit image of it and then scan every byte until you find the lost .doc, .jpg or MP3.

If you’re not a digital forensics wiz, then a new tool developed by two Northeastern University graduates — Keith Bertolino, E ’08, ME ’09, and Matthew Kowalski, BA ’08 — may be exactly what you need.

FoRCE, or Forensic Recovery Carving and Extraction, allows any user — or, as Bertolino put it, “your grandmother” — to recover deleted text, images and other data files from their computers, and would be the first program capable of recovering deleted data files from running machines.

The computer wizards, who launched a digital forensics consulting firm in 2006, are attempting to bring the tool to market in the next six months with help from IndieGoGo, the world’s largest global funding platform. Financial contributors have the opportunity to receive a discounted version of FoRCE in about a month.

The tool has mass appeal, Bertolino said, from home users looking to recover their own files to big corporations looking for illicit activity on their complex systems. Other potential users include local law enforcement departments that don’t have the funds to employ trained forensic examiners or purchase the expensive tools currently available.

IndieGoGo will provide both the initial funding for the project and market research that would help identify the most interested users. “The thought is that the backers will be representative of the market space,” Bertolino said.

FoRCE, he said, stands apart from its competition in at least two important ways. For one, the tool would be sold as a stand-alone product, unlike current so-called “carving” tools, which are embedded in larger software packages that provide a variety of forensic tools along with data recovery. FoRCE is also a “live-box” tool, meaning it can operate on running systems, without the need to shut down the computer or take a digital picture of the hard drive.

“If a company gets hacked into, and they have huge data servers, it’s no longer feasible to completely shut down,” Bertolino said. “You need to be able to do forensics on something that’s running.” This live-box approach is now standard practice in most digital forensics applications, except for data recovery.