Exterro's Legal GRC Breakdown


How Exterro Helps Keep the Bad Guys Off the Streets

Created on May 19, 2021

Founder and CEO

The following is the seventh post in a new blog series from Exterro CEO Bobby Balachandran, where he shares his thoughts on the issues legal leaders care about and his vision for addressing them. Read Bobby's last blog here.

In my last blog, I covered the exciting advancements we’re making with the Forensics Toolkit (FTK®)—things like amplifying our current capabilities with new AI to develop a “Smart Investigator” addition to help with internal and criminal investigations. We’re working on making a phenomenal tool even better, and have many fantastic things planned for the rest of the year (and beyond).

But part of the magic of FTK is that it was already the best digital forensics tool on the market before AccessData joined with Exterro—and one of the best at keeping the bad guys off the streets.

That latter point was a big draw for us as a company (and for me personally) as we’ve always prided ourselves on the work we do with our local community. And to be able to expand and grow that mission to include helping stop terrorism and cybercrime is something we’re embracing and taking very seriously.

FTK helps with both white-collar crime and the proverbial “bad people in the streets.” Let’s take a look at a couple ways FTK helps law enforcement catch criminals, and how businesses can use our tool to track down bad actors (both internally and externally).

The Digital Bloodhound

Whatever the crime is, the bottom line is that investigators are looking to retrace a person’s digital footsteps. And to begin an investigation, evidence is needed. You might need to know what’s on someone’s computer, what they’ve downloaded, what information they’re storing and frequenting, what they’ve encrypted, and where they’ve been online. Our technology acts like a bloodhound, able to track down where they’ve been and what they’ve been doing to provide a trail of evidence.

I’d like to use a real-life example. In 2012, the Aurora Police Department used FTK to uncover the intent of James Holmes, who shot and killed movie-goers at a late-night screening of The Dark Knight Rises. The lead computer forensics investigator of the Aurora Police Department, Detective Mike Leiker, used FTK to uncover information from his Google Chat history, his laptop, and his mobile devices—information that proved without a doubt the suspect’s guilt.

“With the help of FTK, I could quickly preserve the evidence, which later was crucial evidence to proving intent during trial,” said Det. Leiker in a case study.

I’m particularly proud that FTK is able to process this information much more quickly than our competitors, which means less time investigating and more time apprehending the suspect.

“Without FTK, finding the evidence in this case would have taken significantly longer,” said Det. Leiker. “FTK made it possible to more quickly find the critical evidence to convict a killer and bring a little bit of closure to the victims impacted by this tragedy.”

New products like Quin-C will allow officers to start a review of their own evidence and collaborate with one another to give lead investigators a head start. We’re looking to help cut the time spent analyzing the integrity of the data. Faster processing and more active collaboration mean law enforcement is able to prove the quality of their evidence more quickly so they can put the bad guys away faster.

Faster analysis is vastly more important today for another reason: the amount of data for caseloads has increased as well, creating backlogs. Senior police officers from England and Wales have stated that the amount of data they have to deal with for cybercrime doubles approximately every 18 months. These surging challenges require nimble solutions that leverage the most powerful processing technology on the market, so that departments are able to do more with less in their forensics investigations—and cut through the slog of data that each new case brings.

Police and law enforcement agencies require digital forensics solutions that enable their investigators to collaborate in real time and from any location to work more efficiently. Tools that help law enforcement professionals carry out these investigations in smarter, faster ways—while maintaining data security and integrity—are the key to dealing with the increasing data volumes and ensuring the timely closure of each case.

Tracking Down Bad Actors Inside the Business

Unfortunately, businesses must deal not only with malicious breach threats, but also with threats from within. Some employees, for whatever reason, may end up souring on a company and seek to leave with sensitive business data—or do something more nefarious. In these instances, internal investigators are looking at their own servers and intranet, unless the employee does something to alert someone that they obviously have bad intent.

In these cases, investigators are typically looking for data movement: something moving outside the organization. This could be an employee sending information or uploading company information to an external server. In cases like this, AD Enterprise can allow investigators to track digital movements from remote locations. We aren’t able to prevent these things from happening—it’s hard for any software to guarantee that, if the employee is savvy enough—but investigators will be able to figure out what happened, through which system endpoints it happened, and what must be done to prevent it from happening again.

And with our expansive list of APIs, we can integrate with enterprise cybersecurity alert software that can help prevent or detect a breach, allowing users to automate collections and take snapshots of what’s happening before the perpetrator is able to figure out what’s happening.

With cybercrime, there’s a lot to cover. In my next article, I’ll be discussing how Exterro has built an industry-leading Incident and Breach Management module, and how greater visibility into live data directly at the endpoints means faster and more targeted investigations.