Forensic Toolkit (FTK)
Zero In On Evidence Faster
With the growth of big data from the wide variety of devices and systems, it can be challenging to find and collect relevant evidence in a timely and efficient manner. Whether you are law enforcement dealing with the growing backlog of devices waiting to be processed or a company searching through massive amounts of data from multiple sources, FTK® cuts down on investigation time and resources needed by providing
you with an integrated forensics solution preferred by expert digital investigators.
What is FTK?
FTK is an award-winning, court-cited digital investigations solution built for speed, stability and ease of use. It quickly locates evidence and forensically collects and analyzes any
digital device or system producing, transmitting or storing data by using a single application from multiple devices. Known for its intuitive interface, email analysis, customizable data views, processing speeds and stability, FTK also lays the framework so your solution can grow with your organization’s needs for a smooth expansion.
Unlike other products on the market, FTK offers:
One Shared Case Database
All digital evidence is stored in one case database, giving teams access to the most current case evidence. It reduces the time, cost and complexity of managing your cases. You
won’t experience failures associated with memory-based tools like you can with other products on the market. For example, if the GUI crashes, the processing will continue,
and best of all, there is continuous data transfer between Exterro’s forensic and e-discovery solutions, allowing for true collaboration among all parties working on the case.
Unmatched Processing Speed and a More
With customizable processing, you have the ability to establish enterprise-wide processing standards, creating consistency for your investigations and reducing the possibility of missed data. Since evidence is processed up front, you don’t have to wait for searches to execute during the analysis phase. FTK is designed to provide the fastest, most accurate and consistent processing with distributed processing and true multi-threaded/multi-core support.
Why Multi-Threading/Multi-Core Support?
FTK uses 100 percent of its hardware resources and is more reliable in the event of hardware or software glitches. You can also benefit from processing data faster since FTK uses all hardware resources!
Faster Searching with Consistent Results
Indexing is done up front, so filtering and searching are faster than with any other solution. FTK offers the flexibility to perform multipass data review and change indexing options without reprocessing your data. Whether you are in
the investigating phase or performing document review, you have a shared index file, eliminating the need to recreate or duplicate the file. Most importantly, you’ll receive consistent search results.
Plus, get all of these important features...
FTK allows users to create images, process and analyze a wide range of data types from forensic images to email archives and mobile devices, create custom scripts, review data offline and scale with distributed processing and the cloud—all within a single solution.
Enjoy the simple, intuitive and customizable, panels-driven review interface of QView.
Designed with the reviewer in mind, QView utilizes multi-case functionality such as tagging, searching, labeling and bookmarking across multiple cases. And, easy mobile chat application and multimedia review, along with similar face and image detection are all backed by a unified database.
Facial & Image Recognition
Train your system to look for specific individuals or find objects within images and then filter your results to look only at those pictures. Speed up investigations and draw connections without looking through every image or thumbnail.
Facial and Object Detection
Quickly locate all images of a person or object across the case without having to train
the system. Also, you have the ability to upload an image from outside the case and compare it to pictures within the current case without ingesting it.
Manage Mobile Data
Locate, manage, and filter mobile data more easily with a dedicated Mobile Tab and
Message Application filter to isolate data from messaging apps like WhatsApp® and Facebook®. Also, be able to intuitively review UFED reports, XRY case files and email and chat conversations in a near-native viewer.
Internet Browser and Web-Based Email Evidence
Almost every investigation involves the analysis of Internet artifacts. Web-browsing
caches store records of sites a suspect has visited, web-based emails may help to prove intent or correlate other events and instant message conversations or social media sites can contain evidence. FTK groups URL search history from all browsers in one section, organized by date, time, and category (e.g., Adult, Chat, Dark Web, News, etc.)
Create Custom Python® Scripts
Run your own Python script within FTK, eliminating the risk of data spoliation by keeping the data in one location.
Add up to three distributed processing engines on the fly with auto-scaling, leading to better resource allocation.
Export your data into a portable case for offline review. No need to spend time generating reports that can only be viewed in a couple of different formats. Portable case makes your life easier with a quick export. Also, labels and bookmarks created by the reviewers are synced back to the original case.
Use the Power of the Cloud
Achieve flexibility and save money by using the power of the cloud to scale your environment with Amazon Aurora® support.
Support for Apple® File Systems
As BYOD has taken over, organizations frequently need to process data from Apple
devices. With FTK, you can quickly parse through data from any Apple operating system up to macOS® 10.15 (Catalina).
Automatically construct timelines and graphically illustrate relationships among parties of
interest in a case. With Email, Social and File Visualization you can view data in multiple display formats, including timelines, cluster graphs, pie charts, geolocations and more, to help you determine relationships and find key pieces of information. Then generate reports that are easily consumed by attorneys, CIOs or other investigators.