Skip to content

Collaborative Forensic Review with FTK Central

Empower reviewers, examiners, and investigators to work together to find evidence faster and produce results quickly with minimal training.

Public and private sector organizations worldwide trust Exterro FTK for their investigations.

West Midlands Police Logo

Share digital forensic evidence in real-time with case teams and external reviewers across the globe.

FTK Central is the only forensic platform that truly combines blazing-fast processing power, limitless scalability, and simplified review in a collaborative, web-based solution. 

  • Collaborate Globally

    Work together with external reviewers as well as team members in real time to uncover evidence faster.

  • Collect from Anywhere

    Forensically collect data from anywhere. Perform covert on- or off-network collection from remote endpoints, as well as cloud data sources.

  • Process Evidence Faster

    Configure multiple distributed processing engines to scale up and reduce processing time from days to just hours.

Conduct internal investigations with multiple reviewers with the intuitive Smart View.

WIth FTK Central, multiple investigators can work simultaneously on a single case, sharing evidence without duplicating work or wasting time. The user-friendly UI enables non-technical reviewers like HR or legal team members to be instantly productive with minimal training.  Near-native views of mobile data, chats, spreadsheets, and Mac app artifacts help reviewers feel comfortable working with evidence. 

Collaborate within and across jurisdictions with centralized evidence review.

Police forces are hamstrung by disjointed forensics workflows that create a mountain of data, evidence processing delays, and delayed justice for victims.  FTK Central empowers frontline investigators to review their own evidence and collaborate with other examiners to reduce lab backlogs. 

Identify malicious activity before it wreaks havoc with scalable Volatile Memory Collection.

Use FTK Central to determine if your organization has been compromised by examining traces of suspicious activity. Scan your network for clues like Indicators of Compromise (IOCs), YARA and MISP rules.  Easily collect volatile data from up to 20,000 remote endpoints at once to preserve evidence and prioritize where to perform full-disk collections.

Additional Capabilities

  • Cloud Collection

    Perform covert cloud data source collection from popular tools like the G Suite, Gmail, Microsoft Office365, Teams, One Drive, Exchange, and SharePoint, plus Slack and Box.

  • CSAM Support

    Integration with Semantics 21 allows forensic investigators to easily share their CSAM image categorization work with collaborative hash databases like CAID and Project Vic.

  • Role-Based Access

    Maintain security by setting permissions for each case file so reviewers only see data that is relevant for their assigned cases.

  • Optional Automation

    Integrate with SIEM and SOAR solutions to automate the instant preservation of remote endpoint evidence upon detection of an intrusion. Automate case creation, evidence processing, searching and labeling – all without complicated scripting.

Innovative partners for your entire DFIR workflow

From technology companies to organizations fighting child exploitation, Exterro’s partners make a difference for digital forensic investigators.

Semantics 21 Logo
Palo Alto Networks Logo
Project VIC International Logo

“Exterro’s FTK Central has massively reduced processing times and improved forensic readiness…processes that previously took days to complete are now almost instantaneous. We anticipate that we will see continued improvements over the coming months, including vastly reduced data backlogs, minimized detention times for suspects and expedited cases, resulting in faster speed to justice which will see the innocent released, the guilty convicted, and a sense of closure for victims and their families.”

John Price Detective Sergeant, West Midlands Police, UK

Frequently asked questions

  • Can FTK Central accommodate users inside and outside my organization?

    Yes.  FTK Central can be configured behind your firewall for inside review teams to work together on cases, and its web-based review infrastructure can also securely allow for outside investigators or attorneys from other jurisdictions and agencies to participate in the review process, regardless of their location.

  • Is FTK Central compatible with other FTK products?

    Yes, FTK Central integrates seamlessly with other tools like FTK Lab and FTK Enterprise to enhance your existing forensic lab ecosystem and provide a web-based solution to fit all skillsets. It can also integrate with FTK Connect to automate workflow processes such as collection, processing, searching, labeling, exporting, and more.

  • Can FTK Central be hosted in a cloud environment?

    Yes, FTK Central can be easily deployed in a cloud environment like AWS or Azure to scale your infrastructure.  Host it in your own private cloud or with a third-party provider.

  • What types of endpoint preview or collection can FTK Central perform?

    FTK Central has the ability to perform live preview and full-disk data collection from both on-network and off-network Windows and Linux endpoints. It can also perform targeted preview, targeted (or filtered) collection, volatile data capture, IOC scans, YARA and MISP scans, and remediation.   

  • Which cloud sources can FTK Central collect from?

    FTK Central can collect from Microsoft Exchange Online, Exchange On Prem, OneDrive, OneNote, SharePoint, Teams, and Yammer. Google Drive, Gmail, Slack, and Box, as well as from network shares.  Additional cloud connectors are available upon request.

  • How many DPE processing engines can be configured with FTK Lab?

    Increasing the processing power of FTK Central is easily achieved with additional hardware.  With its centralized processing farm infrastructure, you can configure FTK Central with up to 16 Distributed Processing Engines (DPE) per Distributed Processing Manager (DPM).  We recommend starting with 6-8 DPEs when you first implement FTK Central and scale up from there. For more information about FTK Central configuration, reference the System Specification Guide.

Ready to Learn More?

Learn how FTK Central can simplify your current DFIR workflow


Distributed processing capabilities


Guaranteed application uptime


Extra hours of productivity per day

Harness the power of cloud-based forensic processing & collaboration

“The answer for us was leveraging cloud solutions and cloud processing. We can use FTK Central on any West Midlands device, without updating it, adding processing power, or adding RAM. It’s leveraging that processing power in the cloud. If we hadn’t engaged with this solution, then the cases would be just building up, sitting on a shelf for three, four, five months.”

Detective Sergeant John Price, Team Leader


Learn How FTK Central Can Simplify Your DFIR Investigations

Product Briefs

Exterro FTK Central Product Brief

The only forensic platform that combines blazing-fast processing power, limitless scalability, and simplified review in a collaborative, web-based solution.

Product Briefs

Exterro and Semantics 21 Product Brief

Exterro’s integration with Semantics 21 allows forensic investigators to easily share their image categorization work on Child Sexual Abuse Material (CSAM) with the United Kingdom’s national Child Abuse Image Database (CAID) for known CSAM images. 

White Papers

The Next Generation of Digital Forensics

Download this Exterro quick guide to learn about new digital forensics technology that's transforming how law enforcement professionals investigate cases.

Ready to get started?

See our collaborative workflow solutions in action. 

Get a Demo